Digital work protection system, record/playback device, recording medium device, and model change device

ABSTRACT

A system includes of a main device and a recording medium device. The main device includes a reception unit that receives a digital work from an external distribution server, an internal storage area for storing the digital work, a playback unit that plays back the digital work, and a unique information storage area for storing information that is unique to the main device. The main device also includes an encryption unit that encrypts the digital work using the unique information, a decryption unit that decrypts, using the unique information, the encrypted digital work having been read from the recording medium device, a write unit that writes the encrypted digital work into the recording medium device which is portable, and a read unit that reads the encrypted digital work from the recording medium device.

This application is based on an application No. 2001-208532 filed inJapan, the content of which is hereby incorporated by reference.

BACKGROUND OF THE INVENTION

(1) Field of the Invention

The present invention relates to a technique to distribute, receive,record, and play back digital works over a network.

(2) Description of the Related Art

Thanks to recent technological advances, digital works, such asdigitized documents, music, images, and programs, have been distributedover a network typified by the Internet, which allows users to easilyretrieve various digital works via a network, and record the retrieveddigital works onto a separate recording medium to play back.

However, the above advantage that users are allowed to convenientlyreplicate digital works is inevitably attended with a problem in thatthe copyrights of digital works may be infringed easily.

SUMMARY OF THE INVENTION

To address the above problem, an object of the present invention is toprovide a digital work protection system, a record/playback device, arecording medium device, a model change device, a record/playbackmethod, a record/playback program, and a recording medium storing arecord/playback program, each of which records a digital work stored inthe internal memory of a record/playback device into a portablerecording medium device in a manner to prohibit playback of the recordeddigital work with any device other than the record/playback deviceemployed at the time of the recording.

To achieve the above object, in one aspect of the present invention, adigital work protection system for recording and playing back digitalwork, comprises a portable recording medium device including a storagearea and being attached to a record/playback device and therecord/playback device. The record/playback device includes: an internalstorage unit operable to store a content that is a digital work; aunique information storage unit operable to prestore device uniqueinformation that is unique to the record/playback device; an encryptionunit operable to encrypt the stored content based on the prestoreddevice unique information to generate encrypted information; a writeunit operable to write the generated encrypted information into thestorage area of the recording medium device; a read unit operable toread the encrypted information from the storage area of the recordingmedium device; a decryption unit operable to decrypt the read encryptedinformation based on the prestored device unique information stored inthe unique information storage unit to generate a decrypted content; anda playback unit operable to play back the generated decrypted content.

With this construction, the record/playback device encrypts the contentbased on the device unique information that is unique to therecord/playback device to generate the encrypted information, andrecords the generated encrypted information on to the recording mediumdevice. In order to play back the content, the record/playback devicedecrypts the encrypted information based on the device uniqueinformation stored in record/playback device. Thus, there is an effectthat the encrypted information stored in the recording medium device isneither decrypted nor played back by any device other than therecord/playback device having the unique information stored therein.

Here, it is preferable that the encryption unit encrypts the contentusing the device unique information as a key to generate the encryptedinformation, and the decryption unit decrypts the read encryptedinformation using the device unique information as a key.

With this construction, the content is encrypted using the device uniqueinformation as a key to generate the encrypted information, and the readencrypted information is decrypted using the device unique informationas a key. Thus, the encrypted information stored in the recording mediumdevice is not decrypted or played back by any device that does not havethe device unique information.

Here, it is preferable that the record/playback device further includesa condition storage unit operable to store usage condition informationshowing a permissive condition for use of the content; and a conditionjudgment unit operable to judge whether use of the content is permittedaccording to the usage condition information.

With this construction, the record/playback device prestores the usagecondition information showing a permissive condition for use of thecontent, and judges according to the usage condition information whetheruse of the content is permitted. The decrypted content is played backonly when the content is judged to be permitted. Thus, the content isprotected from being used when the conditions shown by the usagecondition information is not met.

Here, it is preferable that both the unique information storage unit andthe condition storage unit are read-protected as well as write-protectedagainst any external device unless the device is specifically permittedto read or write the unique information and the usage conditioninformation.

With this construction, the unique information storage unit and thecondition storage unit are write-protected and read-protected againstany external device. Thus, the device unique information and the usagecondition information are protected from being leaked out.

Here, it is preferable that the encryption unit generates a title keythat is unique to the content, encrypts the generated title key usingthe device unique information as a key to generate an encrypted titlekey, encrypts the content using the generated title key as a key togenerate an encrypted content, and generates the encrypted informationthat is composed of the encrypted title key and the encrypted content,the write unit writes the encrypted information that is composed of theencrypted title key and the encrypted content, the read unit reads theencrypted information that is composed of the encrypted title key andthe encrypted content, the decryption unit decrypts the encrypted titlekey included in the read encrypted information using the device uniqueinformation as a key to generate a decrypted title key, and decrypts theencrypted content included in the read encrypted information using thedecrypted title key as a key to generate the decrypted content, and therecording medium device includes the storage area for storing theencrypted information that is composed of the encrypted title key andthe encrypted content.

With this construction, the record/playback device encrypts thegenerated title key using the device unique information as a key therebyto generate the encrypted title key, and encrypts the content using thegenerated title key as a key thereby to generate the encrypted content.Also, the record/playback device decrypts the encrypted title key usingthe device unique information as a key to generate the decrypted titlekey, and decrypts the read encrypted content using the generateddecrypted title key as a key to generate the decrypted content. Thus,the encrypted title key stored in the recording medium device is notdecrypted by any device other than the record/playback device having thedevice unique information stored therein. Consequently, the encryptedcontent is decrypted only by the record/playback device.

Here, it is preferable that the record/playback device further includesa first authentication unit operable to perform mutual authenticationwith a second authentication unit included in the recording mediumdevice before the write unit writes the encrypted information into thestorage area or before the read unit reads the encrypted informationfrom the storage area, the recording medium device further includes thesecond authentication unit operable to perform mutual authenticationwith the first encryption unit included in the record and playback unit,and the storage area includes a first storage area and a second storagearea, the second storage area being writable and readable only when themutual authentication is established by the first authentication unit,the write unit writes the encrypted content into the first storage area,and only when the mutual authentication is established by the firstauthentication unit, writes the encrypted title key into the secondstorage area, and the read unit reads the encrypted content from thefirst storage area, and only when the mutual authentication isestablished by the first authentication unit, reads the encrypted titlekey from the second storage area.

With this construction, the record/playback device and the recordingmedium device mutually authenticate each other. Only when the mutualauthentication is established, the record/playback device writes theencrypted title key into the recording medium device, or reads theencrypted title key from the recording medium device. Thus, it isprevented that the content is read from or written by any illegitimatedevices.

Here, it is preferable the record/playback device further includes: acondition storage unit operable to store usage condition informationshowing a permissive condition for use of the content; and a conditionjudgment unit operable to judge whether use of the content is permittedaccording to the usage condition information.

With this construction, the usage condition is stored into the recordingmedium device, and the judgment as to whether use of the content ispermitted is made according to the usage condition.

Here, it is preferable that the write unit reads the usage conditionfrom the condition storage unit and writes the read usage conditioninformation into the second storage area only when the mutualauthentication is established by the first authentication unit, the readunit reads the usage condition from the second storage area and writesthe read usage condition into the usage condition storage unit only whenthe mutual authentication is established by the first authenticationunit, and the condition judgment unit judges whether use of the contentis permitted according to the usage condition information stored in thecondition storage unit.

With this construction, the record/playback device and the recordingmedium device mutually authenticate each other. Only when the mutualauthentication is established, the record/playback device writes theusage condition into the recording medium device or reads the usagecondition from the recording medium device. Further, the record/playbackdevice judges whether use of the content is permitted according to theread usage condition information. Thus, the usage condition informationis recorded into the recording medium device together with the content.

Here, it is preferable the usage condition information stored in thecondition storage unit shows a permitted playback number of times, apermitted playback period, a permitted total playback time, a permittednumber of times for copying the content, or a permitted number of timesfor moving the content, and the condition judgment unit (i) judges toplay back the content only when the number of times of actual playbackof the content by the playback unit is equal to or less than thepermitted playback number of times, a date and time at which the contentis to be played back by the playback unit is within the permittedplayback period, and a total time of actual playback is equal to or lessthan the permitted total playback time, (ii) judges to copy the contentto the recording medium device only when the permitted number of timesfor copying the content is equal to 1 or greater, and (iii) judges tomove the content to the recording medium device only when the permittednumber of times for moving the content is equal to 1 or greater.

With this construction, the usage condition shows a permitted playbacknumber of times, a permitted playback period, or a permitted totalplayback time, a permitted number of times for copying the content, or apermitted number of times for moving the content. Thus, usage of thecontent is limited in a variety of ways.

Here, it is preferable that the record/playback device further includesan authentication judgment unit operable to judge whether the recordingmedium device includes the second authentication unit, and theencryption unit further encrypts the content using the device uniqueinformation as a key to generate the encrypted information when therecording medium device is judged not to include the secondauthentication unit, the write unit further writes the generatedencrypted information into the storage area of the recording mediumdevice when the recording medium device is judged not to include thesecond authentication unit, the read unit further reads the encryptedinformation from the storage area of the recording medium device whenthe recording medium device is judged not to include the secondauthentication unit, and the decryption unit further decrypts the readencrypted information using the device unique information as a key whenthe recording medium device is judged not to include the secondauthentication unit.

With this construction, the encryption is done in a different mannerdepending on whether the recording medium device includes anauthentication unit, which makes it possible that the digital workprotection system is used in a variety of ways.

Here, it is preferable the recording medium device further prestoresmedium unique information that is unique to the recording medium device,the internal storage unit stores a unique information type inassociation with the content, the unique information type showingwhether the content is to be encrypted based on the device uniqueinformation or the medium unique information, the record/playback devicefurther includes a unique information judgment unit operable to judge,according to the unique information type stored in the internal storageunit, whether the content is to be encrypted based on the device uniqueinformation or the medium unique information, the encryption unit (i)encrypts the content based on the device unique information to generatethe encrypted information when the unique information judgment unitjudges the content to be encrypted based on the device uniqueinformation, and (ii) reads the medium unique information from therecording medium device to encrypt the content based on the read mediumunique information to generate the encrypted information when the uniqueinformation judgment unit judges the content to be encrypted based onthe medium unique information, the decryption unit (i) decrypts the readencrypted information based on the device unique information to generatethe decrypted content when the unique information judgment unit judgesthe content to be encrypted based on the device unique information, and(ii) reads the medium unique information from the recording mediumdevice to decrypt the read encrypted information with the use of theread medium unique information to generate the decrypted content whenthe unique information judgment unit judges the content to be encryptedbased on the device unique information.

With this construction, different unique information is used in theencryption depending on the unique information type, which makes itpossible that the digital work protection system is used in a variety ofways.

Alternatively, in another aspect of the present invention, provided is amodel change device used for replacing a first record/playback devicewith a second record/playback device due to change in a contract betweena user and a service provider, the first record/playback device beingusable under the contract. The first record playback device includes: afirst internal storage unit operable to store a content that is adigital work; a first unique information storage unit operable toprestore device unique information that is unique to the firstrecord/playback device; a first encryption unit operable to encrypt thecontent stored in the first internal storage unit based on the deviceunique information stored in the first unique information storage unitto generate encrypted information; a first write unit operable to writethe generated encrypted information into a storage area of a recordingmedium device, a first read unit operable to read the encryptedinformation from the storage area of the recording medium device; afirst decryption unit operable to decrypt the read encrypted informationbased on the device unique information stored in the first uniqueinformation storage unit to generate a decrypted content; and a firstplayback unit operable to play back the generated decrypted content. Therecording medium device includes the storage area for storing theencrypted information. The second record/playback device includes: asecond internal storage unit that includes an internal storage area forstoring a content that is a digital work; a second unique informationstorage unit that includes an internal storage area for storing deviceunique information; a second encryption unit operable to encrypt thecontent stored in the second internal storage unit based on the deviceunique information stored in the second unique information storage unitto generate encrypted information; a second write unit operable to writethe generated encrypted information into the storage area of the memorydevice, a second read unit operable to read the encrypted informationfrom the storage area of the memory device; a second decryption unitoperable to decrypt the read encrypted information based on the deviceunique information stored in the second unique information storage unitto generate a decrypted content; and a second playback unit operable toplay back the generated decrypted content. The model change deviceincludes: a third read unit operable to read the device uniqueinformation stored in the first unique information storage unit, anddelete the device unique information from the first unique informationstorage unit; and a third write unit operable to write the read deviceunique information into the second unique information storage unit.

With this construction, the model change device reads the device uniqueinformation stored in the first unique information storage unit of thefirst record/playback device, deletes the device unique information fromthe first unique information storage unit, and writes the read deviceunique information into the second unique information storage unit ofthe second record/playback device. Thus, even after the model change,the content stored into the recording medium device by the firstrecord/playback device is allowed to be used by the secondrecord/playback device. In addition, after the model change, the firstrecord/playback device is no longer allowed to use the content.

Alternatively, in another aspect of the present invention, provided is amodel change device used for canceling a record/playback device that hasbeen usable under a contract between a user and a service provider. Therecord/playback device includes: an internal storage unit operable tostore a content that is a digital work; a unique information storageunit operable to prestore (i) device unique information that is uniqueto the record/playback device and (ii) contract information regardingthe contract, the device unique information being independent of thecontract information; an encryption unit operable to encrypt the contentstored in the internal storage unit based on the device uniqueinformation stored in the unique information storage unit to generateencrypted information; a write unit operable to write the generatedencrypted information into a storage area of a recording medium device;a read unit operable to read the encrypted information from the storagearea of the recording medium device; a decryption unit operable todecrypt the read encrypted information based on the device uniqueinformation stored in the unique information storage unit to generate adecrypted content; and a playback unit operable to play back thegenerated decrypted content. The recording medium device includes thestorage area for storing the encrypted information. The model changedevice includes: a read unit operable to read the contract informationfrom the unique information storage unit; and a cancellation unitoperable to perform processing to cancel the contract with reference tothe read contract information.

With this construction, the record/playback device prestores the deviceunique information that is independent of the contract information. Themodel change device reads the contract information stored in the uniqueinformation storage unit and performs processing to cancel the contractwith reference to the read contract information. Thus, even after thecancellation of the contract under which the record/playback device isusable, the content stored in the recording medium device is stillallowed to be played back by the record/playback device.

Alternatively, in another aspect of the present invention, provided is amodel change device used for changing a first contract under which arecord/playback device is usable to a second contract. The firstcontract is made between a user and a first service provider and thesecond contract is made between the user and a second service provider.The record/playback device includes: an internal storage unit operableto store a content that is a digital work; a unique information storageunit operable to store (i) device unique information that is unique tothe record/playback device and (ii) first contract information regardingthe first contract, the device unique information being independent ofthe contract information; an encryption unit operable to encrypt thecontent stored in the internal storage unit based on the device uniqueinformation stored in the unique information storage unit to generateencrypted information; a write unit operable to write the generatedencrypted information into a storage area of a recording medium device;a read unit operable to read the encrypted information from the storagearea of the recording medium device; a decryption unit operable todecrypt the read encrypted information based on the device uniqueinformation stored in the unique information storage unit to generate adecrypted content; and a playback unit operable to play back thegenerated decrypted content. The recording medium device includes thestorage area for storing the encrypted information. The model changedevice includes: a read unit operable to read the first contractinformation from the unique information storage unit; a contractcancellation and change unit operable to perform processing to cancelthe first contract with reference to the read first contractinformation, and perform processing to make the second contract togenerate second contract information regarding the second contract; anda write unit operable to write the generated second contract informationinto the unique information storage unit, and delete the first contractinformation from the unique information storage unit.

With this construction, the record/playback device prestores the deviceunique information that is independent of the first contractinformation. The model change device reads the first contractinformation from the record/playback device, performs processing tocancel the first contract with reference to the first contractinformation, performs processing to make the second contract and togenerate the second contract information regarding the second contract,writes the generated second contract information into the uniqueinformation storage unit of the record/playback device, and deletes thefirst contract information from the unique information storage unit.Thus, even after the service provider of the record/playback device ischanged to another service provider, the content stored in the recordingmedium device is still played back.

BRIEF DESCRIPTION OF THE DRAWINGS

These and the other objects, advantages and features of the inventionwill become apparent from the following description thereof taken inconjunction with the accompanying drawings which illustrate a specificembodiment of the invention.

In the drawings:

FIG. 1 is a block diagram showing the entire construction of a digitalwork distribution system 100;

FIG. 2 is a block diagram showing the construction of a contentdistribution server device 200;

FIG. 3 is a block diagram showing the constructions of a mobile phone300 and a memory card 400;

FIG. 4 is a flowchart showing the operations of the digital workdistribution system 100;

FIG. 5 is a block diagram showing the construction of a memory card 400b;

FIG. 6 is a block diagram showing the construction of a mobile phone 300b;

FIG. 7 is a flowchart showing the operations performed by the mobilephone 300 b to generate an encrypted content and to write the encryptedcontent into the memory card 400 b;

FIG. 8 is a flowchart showing the operations performed by the mobilephone 300 b to read the encrypted content from the memory card 400 b andto generate the content;

FIG. 9 shows the operations to play back the content performed by amobile phone A and by a mobile phone X;

FIG. 10 is a block diagram showing the constructions of a mobile phone300 c and the memory card 400;

FIG. 11 is a flowchart showing the operations of the mobile phone 300 c;

FIG. 12 is a flowchart showing the operations of the mobile phone 300 cwhen the usage condition is a permitted playback period;

FIG. 13 is a flowchart showing the operations of the mobile phone 300 cwhen the usage condition is the permitted total amount of playback time;

FIG. 14 is a block diagram showing the construction of a memory card 400d;

FIG. 15 is a block diagram showing the construction of a mobile phone300 d;

FIG. 16 is a block diagram showing the construction of anencryption/decryption unit 380 d;

FIG. 17 is a flowchart showing the entire operations of a digital workdistribution system 100 d;

FIG. 18 is a flowchart showing the operations performed for mutualauthentication between the mobile phone 300 d and the memory card 400 d;

FIG. 19 is a flowchart showing the operations performed by the mobilephone 300 d for storage processing;

FIG. 20 is a flowchart showing the operations performed by the mobilephone 300 d for read processing;

FIG. 21 is a block diagram showing the construction of a model changesystem 600 e;

FIG. 22 is a flowchart showing the operations of the model change system600 e;

FIG. 23 is a block diagram showing the construction of a model changesystem 600 g;

FIG. 24 is a block diagram showing the construction of a model changesystem 600 m;

FIG. 25 is a flowchart showing the operations of the model change system600 m;

FIG. 26 is a flowchart showing the operations of a modified model changesystem 600 m;

FIG. 27 is a block diagram showing the constructions of a mobile phone300 i and a memory card 400 i;

FIG. 28 is a flowchart showing the operations of a digital workdistribution system 100 i;

FIG. 29 shows the data construction of a right information table 610that is stored in a content storage unit 201 of a content distributionserver device 200 j;

FIG. 30 is a block diagram showing the construction of a memory card 400j;

FIG. 31 is a flowchart showing the operations performed to obtain acontent from the content distribution server device 200 j;

FIG. 32 is a flowchart showing the operations for re-obtaining the onceobtained content when a user deletes the encrypted content stored in thememory card 400 j by mistake;

FIG. 33 shows the data construction of a content information table 620that is stored in the content storage unit 201 of a content distributionserver device 200 k;

FIG. 34 is a block diagram showing the constructions of a mobile phone300 k and a memory card 400 k;

FIG. 35 is a flowchart showing the operations performed by the mobilephone 300 k to obtain a content and to write the obtained content intothe memory card 400 k; and

FIG. 36 is a flowchart showing the operations performed by the mobilephone 300 k to decrypt an encrypted content stored in the memory card400 k and to playback the decrypted content.

DESCRIPTION OF THE PREFERRED EMBODIMENT 1. Preferred Embodiment 1

First, description is given to a digital work distribution system 100consistent with preferred embodiment 1 of the present invention.

The digital work distribution system 100 aims to provide a digital workprotection system, a main device, and a recording medium device, each ofwhich records a digital work (for example, a ringer melody or a standbyscreen) into a portable recording medium device using a main device,such as a mobile phone, in a manner to prohibit playback of the digitalwork by any device other than the main device used upon the recording.

1.1 Construction of Digital Work Distribution System 100

As shown in the block diagram in FIG. 1, the digital work distributionsystem 100 is composed of a content distribution server device 200, theInternet 10, a gateway device 40, a mobile phone network 20, a radiobase station 30, a mobile phone 300, and a memory card 400.

The content distribution server device 200 is connected to the radiobase station 30 via the Internet 10 and the mobile phone network 20. Theradio base station 30 transmits information to or from the mobile phone300 via radio waves. The gateway device 40 connects the Internet 10 andthe mobile phone network 20, and performs conversion of thecommunications protocol between the Internet 10 and the mobile phonenetwork 20.

In response to a user operation received from the mobile phone 300, thecontent distribution server device 200 distributes a digital work, i.e.,a piece of music as one example, to the mobile phone 300 via theInternet 10, the mobile phone network 20, and the radio base station 30.The mobile phone 300 then receives the content, encrypts the receivedcontent, and records the encrypted content into the memory card 400.Further, in response to a user operation, the mobile phone 300 reads theencrypted content stored in the memory card 400, decrypts the content,and then plays back the decrypted content.

1.2 Construction of Content Distribution Server Device 200

As shown in the block diagram in FIG. 2, the content distribution serverdevice 200 is composed of a content storage unit 201, a control unit202, and a transmission/reception unit 203.

To be more specific, the content distribution server device 200 is acomputer system composed of a microprocessor, ROM, RAM, a hard discunit, a display unit, a keyboard, a mouse, and other components. The RAMor the hard disc unit stores a computer program, and the contentdistribution server device 200 performs its function by themicroprocessor executing the computer program.

The content storage unit 201 prestores a content 600, which in thisexample is a ringer melody. Here, the term ringer melody used hereinrefers to a piece of music that is played back for signaling the mobilephone user of an incoming call. Note that the content may be, forexample, a standby screen for mobile phone, karaoke data, and a gameprogram written in Java.

The control unit 202 receives a content ID and payment information fromthe mobile phone 300 via the radio base station 30, the mobile phonenetwork 20, the Internet 10, and the transmission/reception unit 203.Here, the transmission of the content ID and the payment information areperformed in a secure manner through the use of a secure, authenticationcommunications protocol, such as SSL (Secure Socket Layer) protocol. Thecontent ID is an identifier identifying the content that the userselects to purchase, and the payment information is informationindicating payment made for purchasing the content. Upon receipt of thecontent ID and the payment information, the control unit 202 performsprocessing for receiving the payment based on the payment information.

Next, the control unit 202 reads a content that corresponds to thereceived content ID from the content storage unit 201, and transmits theread content to the mobile phone 300 via the transmission/reception unit203, the Internet 10, the mobile phone network 20, and the radio basestation 30. Here, the content is transmitted from the contentdistribution sever device 200 to the mobile phone 300 in a secure mannerthrough the use of a secure content distribution system, such as EMMS(Electronic Music Management System).

The transmission/reception unit 203 performs transmission and receptionof information with external devices connected thereto via the Internet10.

1.3 Construction of Memory Card 400

As shown in FIG. 3, the memory card 400 includes an external storageunit 410 that has storage areas for storing various types ofinformation.

The memory card 400 is attached by the user to the mobile phone 300, sothat various types of information are written into and read from theexternal storage unit 410 by the mobile phone 300.

1.4 Construction of Mobile Phone 300

As shown in FIG. 3, the mobile phone 300 is composed of an antenna 367,a transmission/reception unit 361, an audio control unit 362, a speaker363, a microphone 364, an input unit 365, a control unit 366, a displayunit 368, a content purchasing unit 301, a content obtaining unit 302,an internal storage unit 303, a playback unit 304, a unique informationstorage unit 310, a write unit 330, a read unit 350, and anencryption/decryption unit 380. The encryption/decryption unit 380 iscomposed of an encryption unit 320 and a decryption unit 340.

To be more specific, the mobile phone 300 is composed of amicroprocessor, ROM, RAM, a liquid crystal display unit, a ten-key, andother components. The RAM stores a computer program, and the mobilephone 300 performs its function partly by the microprocessor operatingin accordance with the computer program.

(1) Antenna 367, Transmission/Reception Unit 361, Audio Control Unit362, Speaker 363, Microphone 364, Input Unit 365, Control Unit 366, andDisplay Unit 368

The antenna 367 transmits and receives radio waves.

The transmission/reception unit 361 performs transmission and receptionof various types of information between the audio control unit 362 andanother mobile phone via the mobile phone network 20, the radio basestation 30, and the antenna 367. In addition, the transmission/receptionunit 361 performs transmission and reception of various types ofinformation between the content distribution server device 200 andcontent purchasing unit 301 or between the content distribution serverdevice 200 and the content obtaining unit 302 via the Internet 10, themobile phone network 20, the radio base station 30, and the antenna 367.

The audio control unit 362 converts audio information that is receivedfrom another mobile phone into electrical analog signals, and outputsthe resulting signals to the speaker 363. In addition, the audio controlunit 362 converts electrical analog signals that the microphone 364receives into audio information, and outputs the resulting audioinformation to another mobile phone.

The speaker 363 performs conversion of the electrical analog signalsinto audio data, followed by audio output, whereas the microphone 364performs conversion of the audio input into electrical analog signals,followed by output of the resulting signals to the audio control unit362.

The input unit 365 is provided with a ten-key and other keys, andreceives various inputs from the user.

The control unit 366 controls the operations of each unit constitutingthe mobile phone 300.

The display unit 368 is composed of a liquid crystal display unit, anddisplays various types of information.

(2) Unique Information Storage Unit 310

The unique information storage unit 310 is composed of a semiconductormemory that is protected from being externally read or written with anydevices other than a specifically permitted device such as a modelchange device, which will be described later. The unique informationstorage unit 310 prestores unique information.

Here, the unique information refers to information that is unique to themobile phone 300 and that is composed of the telephone number allottedto the mobile phone, a randomly generated number allotted to the mobilephone, or the like.

(3) Internal Storage Unit 303

The internal storage unit 303 is composed of a semiconductor memory thatis neither readable nor writable externally, and has storage areas forstoring contents received from the content distribution server device200.

(4) Content Purchasing Unit 301

The content purchasing unit 301 receives from the input unit 365 acontent ID identifying the content that the user selects to purchase,generates payment information indicating the necessary payment made forpurchasing the content, and transmits the content ID together with thepayment information to the content distribution server device 200 viathe transmission/reception unit 361, the antenna 367, the radio basestation 30, the mobile phone network 20, and the Internet 10.

Here, transmission of the content ID and the payment information betweenthe mobile phone 300 and the content distribution server device 200 isperformed in a secure manner through the use of, for example, the SSLprotocol.

(5) Content Obtaining Unit 302

The content obtaining unit 302 receives a content from the contentdistribution server device 200 via the Internet 10, the mobile phonenetwork 20, the radio base station 30, the antenna 367, and thetransmission/reception unit 361, and writes the received content intothe internal storage unit 303 as a content 601.

Here, transmission of the content from the content distribution serverdevice 200 to the mobile phone 300 is performed in a secure mannerthrough the use of, for example, the EMMS system.

(6) Playback Unit 304

In response to a playback instruction inputted by the user via the inputunit 365, the playback unit 304 reads the content 601 from the internalstorage unit 303, and plays back the read content to output.

Here, in the case where the read content is a piece of music, theplayback unit 304 converts the content into electrical analog signals,and outputs the resulting signals to the speaker 363.

Alternatively, in the case where the read content is a standby screenfor mobile phones, the playback unit 304 converts the read content intopixel information, and outputs the resulting pixel information to thedisplay unit 368.

As discussed above, the playback unit 304 performs different processingdepending on the type of content.

(7) Encryption Unit 320

In response to a write instruction inputted by the user via the inputunit 365, the encryption unit 320 reads the content 601 from theinternal storage unit 303, and the unique information from the uniqueinformation storage unit 310.

Next, the encryption unit 320 applies encryption algorithm E1 to theread content using the read unique information as a key to generate anencrypted content, and outputs the encrypted content to the write unit330.

Here, as one example, encryption algorithm E1 is an algorithm based onDES (Data Encryption Standard).

Note that each block shown in FIG. 3 is connected with another blockwith a connecting line, but some of the connecting lines are omitted inthe figure. Here, each connecting line shows a path through whichsignals and information are transmitted. Further, among a plurality ofconnecting lines that are in direct connection with the blockrepresenting the encryption unit 320, each connecting line marked with akey symbol represents a path through which information that serves as akey is transmitted. The same description applies to the block of thedecryption unit 340, and also to the corresponding blocks in otherfigures.

(8) Write Unit 330

The write unit 330 receives the encrypted content from the encryptionunit 320, and writes the encrypted content as an encrypted content 602into the external storage unit 410 which is included in the memory card400.

(9) Read Unit 350

In response to a read instruction inputted by the user via the inputunit 365, the read unit 350 reads the encrypted content 602 from theexternal storage unit 410 of the memory card 400, and outputs theencrypted content to the decryption unit 340.

(10) Decryption Unit 340

The decryption unit 340 receives the encrypted content from the readunit 350, and reads the unique information from the unique informationstorage unit 310.

Next, the decryption unit 340 applies decryption algorithm D1 to thereceived encrypted content using the read unique information as a key,thereby to generate the content, and writes the generated content intothe internal storage unit 303.

Here, decryption algorithm D1 is an algorithm for performing inversionof encryption algorithm E1. One example of decryption algorithm D1 is analgorithm based on DES.

1.5 Operations of Digital Work Distribution System 100

Now, description is given to the operations of the digital workdistribution system 100 with reference to the flowchart shown in FIG. 4.

Upon receipt of a content ID via the input unit 365, the contentpurchasing unit 301 of the mobile phone 300 generates paymentinformation (step S101), and transmits the content ID and the paymentinformation to the content distribution server device 200 in a securemanner through the use of, for example, SSL protocol (step S102).

The control unit 202 of the content distribution server device 200receives the content ID and the payment information from the mobilephone 300 (step S102), then performs processing for receiving thepayment based on the transmitted payment information (step S103).Thereafter, the control unit 202 reads from the content storage unit 201the content identified by the received content ID (step S104), thentransmits the read content to the mobile phone 300 in a secure mannerthrough the use of, for example, SSL protocol (step S105).

The content obtaining unit 302 of the mobile phone 300 receives thecontent from the content distribution server device 200 (step 5105), andwrites the received content into the internal storage unit 303 as thecontent 601 (step S106).

Upon receipt of a content write instruction of via the input unit 365(step S107), the encryption unit 320 reads the content 601 from theinternal storage unit 303 (step S108), and the unique information fromthe unique information storage unit 310 (step S109). Next, theencryption unit 320 applies encryption algorithm E1 using the readunique information as a key, thereby to generate an encrypted content(step S110), and the write unit 330 writes the encrypted content intothe external storage unit 410 of the memory card 400 as the encryptedcontent 602 (step S111).

Alternatively, upon receipt of a content read instruction via the inputunit 365 (step S107), the read unit 350 reads the encrypted content 602from the external storage unit 410 of the memory card 400 (step S112),and the decryption unit 340 reads the unique information from the uniqueinformation storage unit 310 (step S113). Next, the decryption unit 340applies decryption algorithm D1 to the received encrypted content usingthe read unique information as a key, thereby to generate the content(step S114), and writes the generated content into the internal storageunit 303 (step S115).

Alternatively, upon receipt of a playback instruction via the input unit365 (step S107), the playback unit 304 reads the content 601 from theinternal storage unit 303 (step S116), and plays back the read content(step S117).

1.6 Operating Procedure Performed by User of Mobile Phone 300

Hereinafter, description is given to the operating procedure that theuser of the mobile phone 300 performs.

(1) First, with the use of the content purchasing unit 301 of the mobilephone 300, the user selects and purchases a content from among thecontents stored in the content storage unit 201 of the contentdistribution server device 200. Then, with the use of the contentobtaining unit 302, the user obtains the content that he has purchased.The content is then stored into the internal storage unit 303 of themobile phone 300.(2) Next, in the case where the purchased content is, for example, aringer melody, the user sets the mobile phone 300 such that the playbackunit 304 plays back the ringer melody upon receipt of an incoming call.(3) Further, the user may store the content 601 that he purchasedearlier and that is stored in the internal storage unit 303 into thememory card 400 in the following procedure.

(3.1) The user attaches the memory card 400 to the mobile phone 300, andinstructs the mobile phone 300 to store the purchased content into thememory card.

(3.2) In response, the content 601 stored in the internal storage unit303 of the mobile phone 300 is encrypted by the encryption unit 320using the unique information stored in the unique information storageunit 310, and consequently an encrypted content is generated. Then, theencrypted content is stored by the write unit 330 as the encryptedcontent 602 into the external storage unit 410 included in the memorycard 400.

(4) Still further, the user may fetch the encrypted content 602 from theexternal storage unit 410 included within the memory card 400, and storethe fetched content into the internal storage unit 303 of the mobilephone 300 in the following procedure.

(4.1) The user attaches the memory card 400 into the mobile phone 300,and instructs the mobile phone 300 to fetch the encrypted content fromthe memory card 400.

(4.2) In response, the encrypted content 602 stored in the externalstorage unit 410 included in the memory card 400 is read by the readunit 350 of the mobile phone 300. Then, the read encrypted content isdecrypted by the decryption unit 340 using the unique information storedin the unique information storage unit 310, and consequently, thecontent is generated. The generated content is then stored in theinternal storage unit 303 of the mobile phone 300.

1.7 Modification 1

The above description is given to the procedure for storing a contentthat has been purchased into the memory card 400, and for fetching thestored content from the memory card 400. Yet, whether the content ispurchased, i.e., whether obtaining the content requires payment of acertain fee, is not an essential matter to the present invention. Thatis, for example, the above procedure is applicable not only to thecontent that the user has purchased, but also to a content, such as afree sample, that has been distributed to the user free of charge.

1.8 Modification 2

Here, description is given to a mobile phone 300 b and a memory card 400b which are modifications of the mobile phone 300 and the memory card400, respectively.

The mobile phone 300 b and the memory card 400 b have constructionssimilar to the mobile phone 300 and the memory card 400, respectively.Thus, description below is given mainly to the differences with themobile phone 300 and with the memory card 400.

(1) Construction of Memory Card 400 b

As shown in FIG. 5, the memory card 400 b includes a first externalstorage unit 412 and a second external storage unit 411.

The second external storage unit 411 has a storage area for storing anencrypted title key, which will be descried later, while the firstexternal storage unit 412 has a storage area for storing an encryptedcontent.

(2) Construction of Mobile Phone 300 b

As shown in FIG. 6, the mobile phone 300 b includesencryption/decryption unit 380 b instead of the encryption/decryptionunit 380 that the mobile phone 300 includes. The mobile phone 300 bdiffers from the mobile phone 300 only with this respect. Componentsconstituting the mobile phone 300 b that are identical to thoseconstituting the mobile phone 300 are denoted by the same referencenumbers.

The encryption/decryption unit 380 b includes a title key generatingunit 321, an encryption unit 322, an encryption unit 323, a decryptionunit 342, and decryption unit 343.

(Title Key Generating Unit 321)

The title key generating unit 321 generates a random number every timethe content 601 stored in the internal storage unit 303 is encrypted,and outputs to the encryption units 322 and 323 the generated randomnumber as a title key that is unique to each content.

(Encryption Unit 322)

The encryption unit 322 reads the unique information from the uniqueinformation storage unit 310, and receives the title key from the titlekey generating unit 321. Next, the encryption unit 322 appliesencryption algorithm E2 to the received title key using the read uniqueinformation as a key, thereby to generate an encrypted title key, andoutputs the encrypted title key to the write unit 330.

Here, encryption algorithm E2, for example, is based on DES.

(Encryption Unit 323)

The encryption unit 323 receives the title key from the title keygenerating unit 321, and reads the content 601 from the internal storageunit 303. Next, the encryption unit 323 applies encryption algorithm E3to the read content using the received title key as a key, thereby togenerate an encrypted content, and outputs the generated encryptedcontent to the write unit 330.

(Write Unit 330)

The write unit 330 receives the encrypted title key from the encryptionunit 322, and writes the received encrypted title key into the secondexternal storage unit 411 of the memory card 400 b. Further, the writeunit 330 receives the encrypted content from the encryption unit 323,and writes the received encrypted content into the first externalstorage unit 412 in the memory card 400 b.

(Read Unit 350)

The read unit 350 reads the encrypted content from the first externalstorage unit 412 and the encrypted title key and from the secondexternal storage unit 411, both units of which are included in thememory card 400 b. The read unit 350 then outputs the read encryptedtitle key and the read encrypted content to the decryption unit 342 andthe decryption unit 343, respectively.

(Decryption Unit 342)

The decryption unit 342 receives the encrypted title key from the readunit 350, reads the unique information from the unique informationstorage unit 310, applies decryption algorithm D2 to the receivedencrypted title key using the read unique information as a key, therebyto generate the title key, and outputs the generated title key to thedecryption unit 343.

Here, decryption algorithm D2 is an algorithm for performing inversionof encryption algorithm E2. One example of decryption algorithm D2 is analgorithm based on DES.

(Decryption Unit 343)

The decryption unit 343 receives the encrypted content from the readunit 350, and the title key from the decryption unit 342. The decryptionunit 343 then applies decryption algorithm D3 to the received encryptedcontent using the received title key as a key, thereby to generate thecontent, and writes the generated content into the internal storage unit303 as the content 601.

Here, decryption algorithm D3 is an algorithm for performing inversionof the encryption algorithm E3. One example of decryption algorithm D3is an algorithm based on DES.

(3) Operations of Mobile Phone 300 b

Now, description is given to the operations of the mobile phone 300 b.

Note that overall operations performed by the digital work distributionsystem are shown in the flowchart in FIG. 4 provided that the stepsS108-S111 and the steps S112-S115 are replaced with steps S131-5137 andthe steps S141-S146 described blow, respectively.

(Operations for Storing Encrypted Content)

With reference to the flowchart shown in FIG. 7, description is given tothe operations performed by the mobile phone 300 b to generate theencrypted content as well as to write the encrypted content into thememory card 400 b.

The title key generating unit 321 generates a title key (step S131).Next, the encryption unit 322 reads the unique information from theunique information storage unit 310 (step S132), and then appliesencryption algorithm E2 to the received title key using the read uniqueinformation as a key, thereby generate an encrypted the title key (step5133). Successively, the write unit 330 receives the encrypted title keyfrom the encryption unit 322, and writes the received encrypted titlekey into the second external storage unit 411 included in the memorycard 400 b (step S134). The encryption unit 323 then reads the content601 from the internal storage unit 303 (step 5135), and appliesencryption algorithm E3 to the read content using the received title keyas a key, thereby to generate the encrypted content (step 5136).Thereafter, the write unit 330 writes the encrypted content into thefirst external storage unit 412 included in the memory card 400 b (stepS137).

(Operations for Decrypting Content)

With reference to the flowchart shown in FIG. 8, description is given tothe operations of the mobile phone 300 b performed to read the encryptedcontent from the memory card 400 b and to generate the content.

The read unit 350 reads the encrypted title key from the second externalstorage unit 411 included in the memory card 400 b (step S141). Next,the decryption unit 342 reads the unique information from the uniqueinformation storage unit 310 (step S142), and applies decryptionalgorithm D2 to the read encrypted title key using the read uniqueinformation as a key, thereby to generate the title key (step 5143).Next, the read unit 350 reads the encrypted content from the firstexternal storage unit 412 included in the memory card 400 b (step S144).Subsequently, the decryption unit 343 applies decryption algorithm D3 tothe received encrypted content using the title key as a key, thereby togenerate the content (step S145), and writes the generated content intothe internal storage unit 303 as the content 601 (step S146).

1.9 Modification 3

(1) As described above, the encryption unit 320 and the decryption unit340, in one example, employ a DES algorithm encryption algorithm.

In this case, the unique information stored in the unique informationstorage unit 310 may be a unique key having 56 bits.

Alternatively, the telephone number allotted to the mobile phone may beused as the unique information. In this case, the telephone number issubjected to a secret conversion function to output 56-bit uniqueinformation, which servers as the unique information.

Here, DES encryption may be employed as the secret conversion functionin the following manner. That is, the telephone number is subjected to aDES encryption algorithm using a secret, fixed value having 56 bits tooutput a value having 64 bits. The last 56 bits of the value are used asthe unique information.

(2) Further, the unique information storage unit 310 and the internalstorage unit 303 are protected from being read or written from anyexternal device other than a specially permitted device, such as alater-described model change device. To be more specific, each of theunique information storage unit 310 and the internal storage unit 303are composed of tamper-resistant hardware, tamper-resistant software, ora combination of the two.(3) Further, the unique information storage unit 310 may be constructedwithin a card that is attachable to and detachable from the mobilephone. Examples of such a card include a SIM (Subscriber IdentityModule) card for use with mobile phones.(4) Still further, at the time of encrypting the content using the DESencryption algorithm, the content is divided into data blocks eachhaving 64 bits, and then each data block is encrypted using the 56-bitunique key to generate a 64-bit encrypted data block. The thus generatedencrypted data blocks are then concatenated together, and theconcatenated encrypted data blocks are outputted as the encryptedcontent (ECB (Electronic Codebook) mode). Alternatively, the encryptionmay be done using CBC (Cipher Feedback Chaining) mode. Details of theECB mode and the CBC mode are found, for example, in “Introduction toCryptographic Theory (Ango-Riron Nyumon)” (Eiji OKAMOTO, published byKyoritsu Shuppan CO., LTD.), and thus their description is omitted.1.10 Overview

Generally, the internal storage unit 303 of the mobile phone 300 islimited in its memory capacity. Conventionally, this limitation resultsin the following problem. In a case where the internal storage unit 303is full with digital works, the user is required to delete some of thedigital works stored in the internal storage unit 303 to secure a freememory space before purchasing another digital work, or he simply has togive up purchasing another digital work.

However, according to embodiment 1, the user is allowed to store some ofthe digital works stored in the internal storage unit of the mobilephone into the memory card attached the mobile phone when he decides notto use the digital works anytime soon. In this manner, a free memoryspace is secured in the internal storage unit of the mobile phonewithout losing the rights to playback those digital works he haspurchased. As a consequence, the user is allowed to purchase some moredigital works.

Here, some of the copyright holders of digital works may not permit thefollowing usage pattern. That is, for example, when an encrypted contentis stored into a memory card using a certain mobile phone, the copyrightholder of the content desires that the content be prohibited to bedecrypted or played back by any other mobile phones even if the memorycard is attached thereto.

Here, embodiment 1 meets this end in that an encrypted content that auser has stored in a memory card using a certain mobile phone is neitherdecrypted nor played back with any other mobile phones than thatparticular one even if the memory card is attached thereto.

In other words, the rights of copyright holders are protected as thedigital content stored into a memory card being attached to a mobilephone is not decrypted or played back by any mobile phones other thanthat particular mobile phone used at the time of storing the content.This advantageous feature will be described in detail with reference toFIG. 9.

As shown in FIG. 9, a mobile phone A stores unique information A, whilea mobile phone X stores unique information X.

Upon writing a content into a memory card, the mobile phone A encrypts atitle key using the unique information A, and stores the encrypted titlekey into the external storage unit included in the memory card (stepS151). Next, the mobile phone A encrypts the content using the titlekey, and stores the encrypted content into the external storage unit ofthe memory card (step S152).

Upon reading the encrypted content from the memory card, the mobilephone A reads the encrypted title key from the external storage unitincluded in the memory card, and decrypts the encrypted title key usingthe unique information A (step S153). Next, the mobile phone A reads theencrypted content from the external storage unit, and decrypts theencrypted content using the decrypted title key (step S154).

Here, the unique information used to encrypt the title key and theunique information used to decrypt the encrypted title key are both thesame unique information A, so that the encrypted title key is correctlydecrypted. Consequently, the title key used to encrypt the content andthe title key used to decrypt the encrypted content are the same, sothat the content is correctly decrypted.

On the other hand, when the mobile phone X attempts to play back thecontent, the mobile phone X reads the encrypted title key from theexternal storage unit included in the memory card, and decrypts thetitle key using the unique information X (step S155).

Here, the unique information A that is used to encrypt the title keydiffers from the unique information X used to decrypt the title key.Consequently, the title key is not correctly decrypted, so that theencrypted content is not correctly decrypted, either.

Therefore, the mobile phone X fails to play back the encrypted content.

2. Preferred Embodiment 2

Hereinafter, description is given to a digital work distribution system100 c consistent with preferred embodiment 2 of the present invention.

The digital work distribution system 100 c aims to provide a digitalwork protection system, a main device, and a recording medium device,each of which allows playback of a digital work by the main device onlyunder the conditions permitted according to usage condition data whenthe content is provided with usage condition data such as the permittednumber of playback times for the digital work, or the permitted period.That is, with these devices, this embodiment aims to permit playback ofdigital works by the main device based on the usage conditioninformation showing permissive conditions for usage of the digital work.

In the digital work distribution system 100 c, when a content isprovided with usage condition data, such as a limitation on thepermitted number of playback times, the permitted playback period, orthe permitted total amount of time playback, the mobile phone of thesystem is allowed to play back the content only within the limitationsimposed by the usage condition data.

The digital work distribution system 100 c has a construction similar tothat of the digital work distribution system 100. Here, description isgiven mainly to the differences with the digital work distributionsystem 100.

The digital work distribution system 100 c includes a contentdistribution server device 200 c and a mobile phone 300 c instead of thecontent distribution server device 200 and the mobile phone 300,respectively.

2.1 Construction of Content Distribution Server Device 200 c

Basically, the content distribution server device 200 c has aconstruction similar to that of the content distribution server device200 included in the digital work distribution system 100. Thus,description hereinafter is given mainly to the differences with thecontent distribution server device 200.

(Content Storage Unit 201)

In addition to the content, the content storage unit 201 included in thecontent distribution server device 200 c further prestores a usagecondition in correspondence with the content.

The usage condition, for example, is a permitted number of playbacktimes. The permitted number of playback times imposes a limitation onthe total number of times that the user is permitted to play back thestored content that corresponds to the usage condition. When, forexample, the permitted number of playback times is set at “10”, the useris permitted to play back the content for ten times at the maximum.

Note that the usage condition may alternatively be a permitted playbackperiod. The permitted playback period imposes a limitation on the periodduring which the user is permitted to play back the stored content thatcorresponds to the usage condition. The permitted playback period iscomposed of data showing the permission starting day and permissionexpiration day. The user is permitted to play back the content onlyduring the period starting on the permission starting day and expiringon the permission expiration day. During this period, the user ispermitted to play back the content an unlimited number of times.

Alternatively, the usage condition may be a permitted total amount ofplayback time. The permitted total amount of playback time imposes alimitation on a total cumulative amount of time that the user ispermitted to play back the stored content that corresponds to the usagecondition. When, for example, the permitted total amount of playbacktime is set at “10 hours”, the user is permitted to play back thecontent as long as the total amount of playback time is within 10 hours.When the total amount of playback time exceeds 10 hours, playback of thecontent is prohibited.

Further, the usage condition may include all of the limitations, namelythe permitted number of playback times, the permitted playback period,and the permitted total amount of playback time, or it may include anytwo limitations selected from the above three limitations.

(Control Unit 202)

The control unit 202 reads from the content storage unit 201 the contentthat is identified by the content ID along with the usage condition thatis stored in correspondence to that content. The control unit 202 thentransmits the read content and usage condition to the mobile phone 300via the transmission/reception unit 203, the Internet 10, the mobilephone network 20, and the radio base station 30. Here, the transmissionis performed in a secure manner through the use of, for example, theEMMS system.

2.2 Construction of Mobile Phone 300 c

As shown in FIG. 10, the mobile phone 300 c includes a usage conditionstorage unit 305 and a usage condition judgment unit 306 in addition tothe components constituting the mobile phone 300.

(Content Obtaining Unit 302)

The content obtaining unit 302 receives the content and usage conditionfrom the content distribution server device 200 c via the Internet 10,the mobile phone network 20, the radio base station 30, the antenna 367,and transmission/reception unit 361. The content obtaining unit 302 thenwrites the received content into the internal storage unit 303 as thecontent 601, and the received usage condition into the usage conditionstorage unit 305. In this case, the usage condition is the permittednumber of playback times.

(Usage Condition Storage Unit 305)

The usage condition storage unit 305 has a storage area for storing theusage condition.

(Usage Condition Judgment Unit 306)

The usage condition judgment unit 306 reads the usage condition, i.e.,the permitted number of playback times, from the usage condition storageunit 305 to judge whether the read permitted number of playback timesexceeds 0.

When judging that the read permitted number of playback times exceeds 0,the usage condition judgment unit 306 subtracts “1” from the readpermitted number of playback times, and overwrites the usage conditionstored in the usage condition storage unit 305 with the value resultingfrom the subtraction. Next, the usage condition judgment unit 306outputs permission information indicative of permission to play back thecontent stored in the internal storage unit 303.

Alternatively, when judging that the read permitted number of playbacktimes is equal to or less than 0, the usage condition judgment unit 306does not output the permission information, and consequently theplayback unit 304 does not play back the content.

(Playback Unit 304)

The playback unit 304 receives from the usage condition judgment unit306 the permission information indicative of permission to play back thecontent.

Upon receipt of the permission information, the playback unit 304 readsthe content stored in the internal storage unit 303, and plays back theread content to output.

2.3 Operations of Mobile Phone 300 c

Now, description is given to the operations of the mobile phone 300 cwith reference to the flowchart shown in FIG. 11.

Note that overall operations of the digital work distribution system areshown in the flowchart in FIG. 4 provided that the steps S116 and S117are replaced with steps S201-S205 described below.

The usage condition judgment unit 306 reads the usage condition, i.e.,the permitted number of playback times (step S201), and judges whetherthe read permitted number of playback times exceeds 0 (step S202). Whenjudging that the permitted number of playback times exceeds 0 (step5202, YES), the usage condition judgment unit 306 subtracts “1” from thepermitted number of playback times (step S203), and overwrites the usagecondition that is stored in the usage condition storage unit with thevalue resulting from the subtraction (step S204). Next, the usagecondition judgment unit 306 outputs to the playback unit 304 thepermission information indicative of permission to play back the contentstored in the internal storage unit 303. In response, the playback unit304 receives the permission information from the usage conditionjudgment unit 306, reads the content stored in the internal storage unit303, and plays back the read content to output (step S205).

Alternatively, when judging that the read permitted number of playbacktimes is equal to or less than 0 (step S202, NO), the usage conditionjudgment unit 306 does not output the permission information, andconsequently the playback unit 304 does not play back the content. Here,such a setting to delete the content at this stage is also applicable.

2.4 Operations of Mobile Phone 300 c

Now, with reference to the flowchart shown in FIG. 12, description isgiven to the operations of the mobile phone 300 c in the case where theusage condition is the permitted playback period.

Note that the overall operations of the digital work distribution systemare shown in the flowchart in FIG. 4 provided that the steps 5116 and5117 are replaced with steps S211-S214 described below.

The usage condition judgment unit 306 reads the usage condition, i.e.,the permitted playback period, from the usage condition storage unit 305(step S211), obtains the current date/time (step S212), and judgeswhether the obtained current date/time falls within the permittedplayback period (step S213). When judging that the current time/date iswithin the permitted playback period (step S213, YES), the usagecondition judgment unit 306 outputs to the playback unit 304 thepermission information indicative of permission to play back the contentstored in the internal storage unit 303. In response, the playback unit304 receives the permission information from the usage conditionjudgment unit 306, reads the content stored in the internal storage unit303, and plays back the read content to output (step S214).

Alternatively, when judging that the current date/time falls out of thepermitted playback period (step 5213, NO), the usage condition judgmentunit 306 does not output the permission information, and consequentlythe playback unit 304 does not play back the content. Here, such settingmay be applicable that the content is deleted if the current date/timeis after the permitted playback period.

2.5 Operations of Mobile Phone 300 c

Next, with reference to the flowchart shown in FIG. 13, description isgiven to the operations of the mobile phone 300.c in the case where theusage condition is the permitted total amount of playback time.

Note that overall operations of the digital work distribution system areshown in the flowchart in FIG. 4 provided that the steps 5116 and 5117are replaced with steps S221-S226 described below.

Here, the content storage unit 201 further has a storage area forstoring a total amount of actual playback time. The total amount ofactual playback time is a cumulative amount of time that the content hasbeen actually played back. Further, the content includes playback timeinformation showing the time taken to play back the entire content.

The usage condition judgment unit 306 reads the usage condition, i.e.,the permitted total amount of playback time, along with the total amountof actual playback time from the usage condition storage unit 305 (stepS221), obtains from the content the playback time information showingthe time taken to play back the content (step S222), and calculates thesum of the read total amount of actual playback time and the time shownby the obtained playback information to compare the thus calculated sumwith the permitted total amount of playback time (step 5223). Whenjudging that the permitted total amount of playback time is equal to orgreater than the calculated sum (step S223, YES), the usage conditionjudgment unit 306 outputs to the playback unit 304 the permissioninformation indicative of permission to play back the content stored inthe internal storage unit 303. In response, the playback unit 304receives the permission information from the usage condition judgmentunit 306, reads the content stored in the internal storage unit 303, andplays back the read content to output (step S224). Then, the usagecondition judgment unit 306 calculates the total amount of actualplayback time by performing the following expression: Total Amount ofActual Playback Time=(Total Amount of Actual Playback Time)+(PlaybackTime Information) (step S225), and overwrites the total amount of actualplayback time stored in the usage condition storage unit 305 with thenewly calculated total amount of actual playback time (step S226).

Alternatively, when judging that the permitted total amount of playbacktime is smaller than the calculated sum (step S223, NO), the usagecondition judgment unit 306 does not output the permission information,and consequently, the playback unit 304 does not play back the content.Here, such setting may be applicable that the content is deleted if thepermitted total amount of playback time is smaller than the total amountof actual playback time. Further, such setting may be also applicablethat playback of the content is permitted even when the permitted totalamount of playback time is not enough to play back the entire content.

2.6 Overview

As described above, the content storage unit 201 included in the contentdistribution server device 200 c stores the content and thecorresponding usage condition in association with each other, and thecontent distribution server device 200 c transmits the content and thecorresponding usage condition to the mobile phone 300 c. When the userpurchases the content that is provided with the usage condition, theinternal storage unit 303 included in the mobile phone 300 c stores thepurchased content, and the usage condition storage unit 305 stores thetransmitted usage condition.

When the user intends to play back the content that he has purchasedearlier, the usage condition judgment unit 306 judges whether to permitplayback of the content based on the corresponding usage conditionstored in the usage condition storage unit 305. When judging to permitplayback of the content, the usage condition judgment unit 306 instructsthe playback unit 304 to play back the content.

Further, the usage condition may be the number of times permitted forthe content to be copied or moved. Here, “to copy” the content refers toduplicate the content stored in the internal storage unit and to writethe duplication of content into a recording medium. Here, note that onlythe first generation “copying” of content is permitted, i.e., copyingfrom duplication of content is prohibited. In addition, “to move” thecontent refers to write the content stored in the internal storage unitinto a recording medium and to delete the content stored in the internalstorage unit. When the usage condition is the number of times permittedfor the content to be copied or moved, the content is permitted to becopied or moved for the permitted number of times.

The procedure to encrypt the purchased content to store into the memorycard 400 and the procedure to read the encrypted content from the memorycard 400 to the mobile phone 300 c are the same as those described inembodiment 1, and thus description thereof is omitted. Here, it shouldbe noted that the usage condition data is not written into the memorycard, but held in the usage condition storage unit 305 included in themobile phone 300 c.

Note that the usage condition storage unit 305 is protected from beingexternally read or written with any devices other than a specificallypermitted device which will be described later. To be more specific, theusage condition storage unit 305 is composed of tamper-resistanthardware, tamper-resistant software, or a combination of the two.

Further, the usage condition storage unit 305 may be included in a card,such as SIM card for use with mobile phones that is attachable to anddetachable from the mobile phone.

With the above construction, when a content is provided with a usagecondition, the content is permitted to be played back only when theusage condition is met.

Generally speaking, the internal storage unit 303 of the mobile phone300 is limited in its memory capacity. Conventionally, this limitationresults in the following problem. In the case the internal storage unitis full with digital works, some of the digital works stored in theinternal storage unit need to be deleted to secure a free memory spacebefore purchasing another digital work, or otherwise, the user has togive up purchasing another digital work.

According to embodiment 2, however, similarly to embodiment 1, the useris allowed to store some of the digital works stored in the internalstorage unit 303 of the mobile phone 300 c into the memory card 400attached to the mobile phone 300 c when he decides not to use thedigital works any time soon. In this manner, a free memory space issecured in the internal storage unit 303 without losing the rights toplay back the purchased digital works, so that some more digital worksmay be purchased.

Further, with the above construction, when a content is encrypted by acertain mobile phone and stored in a memory card attached thereto, theencrypted content is not possibly decrypted or played back by any mobilephone other than that particular mobile phone. That is to say,embodiment 2 achieves an effect of meeting copyholders' demand that acontent stored into a memory card using a certain mobile phone beprohibited from being decrypted or played back using any other mobilephone although the memory card is attached thereto.

3. Preferred Embodiment 3

Now, description is given to a digital work distribution system 100 dconsistent with preferred embodiment 3 of the present invention.

Similarly to the digital work distribution system 100 c, when usagecondition for is provided, the digital work distribution system 100 dpermits the mobile phone to play back the content only under theconditions satisfying the usage condition.

The digital work distribution system 100 d has a construction similar tothat of the digital work distribution system 100 c. Thus, description isgiven mainly to the differences with the digital work distributionsystem 100 c.

The digital work distribution system 100 d includes a contentdistribution server device 200 d, mobile phone 300 d, and a memory card400 d instead of the content distribution server device 200 c, themobile phone 300 c, and the memory card 400, respectively. Note that thecontent distribution server device 200 d is the same as the contentdistribution server device 200 c.

3.1 Memory Card 400 d

As shown in FIG. 14, the memory card 400 d is composed of a firstexternal storage unit 412, a second external storage unit 411, and anauthentication unit 490.

The authentication unit 490 performs challenge-response type, mutualauthentication with an authentication unit 390 (described later)included in the mobile phone 300 d. To be more specific, theauthentication unit 490 waits for the authentication unit 390 toauthenticate the authentication unit 490, and then authenticates theauthentication unit 390. Only when both the authentication processes aresuccessful, the mutual authentication is regarded to be successful.Since the challenge-response type authentication is a known technique,description thereof is omitted.

The first external storage unit 412 has a storage area for storing anencrypted content.

The second external storage unit 411 is a storage unit that is read orwritten from another end, i.e., the mobile phone 300 d only afterauthentication by the authentication unit 490 has been successfullyperformed. The second external storage unit 411 has a storage area forstoring encrypted concatenated information which will be describedlater.

3.2 Construction of Mobile Phone 300 d

The mobile phone 300 d has a construction similar to that of the mobilephone 300 c.

As shown in FIGS. 15 and 16, the mobile phone 300 d includes anencryption/decryption unit 380 d instead of the encryption/decryptionunit 380 that is included in the mobile phone 300 c, and also includeswrite units 331 and 332 as well as read units 351 and 352 instead of thewrite unit 330 and the read unit 350 that are included in the mobilephone 300 c. The mobile phone 300 d further includes the authenticationunit 390. The other components are the same as those constituting themobile phone 300 c.

Here, description is given mainly to differences with the mobile phone300 c.

(1) Authentication Unit 390

The authentication unit 390 receives an authentication instruction fromthe control unit 366.

Upon receipt of the authentication instruction, the authentication unit390 performs challenge-response type, mutual authentication with theauthentication unit 490 included in the memory card 400 d. To be morespecific, first, the authentication unit 390 authenticates theauthentication unit 490. Next, the authentication unit 390 waits for theauthentication unit 490 to authenticate the authentication unit 390.Only when both the authentication processes are successful, the mutualauthentication is regarded to be successful.

When the mutual authentication has been successfully performed, theauthentication unit 390 outputs information indicative of the success ofthe mutual authentication.

(2) Encryption/Decryption Unit 380 d

As shown in FIG. 16, the encryption/decryption unit 380 d is composed ofa title key generating unit 321 d, an encryption unit 322 d, anencryption unit 323 d, a concatenation unit 324, a decryption unit 342d, a decryption unit 343 d, and a split unit 344.

(Title Key Generating Unit 321 d)

The title key generating unit 321 d receives a storage instruction fromthe control unit 366.

Upon receipt of the storage instruction from the control unit 366, thetitle key generating unit 321 d generates a title key in a similarmanner to that of the title key generating unit 321 induced in theencryption/decryption unit 380 b, and outputs the generated title key tothe concatenation unit 324 and the encryption unit 323 d.

(Encryption Unit 322 d)

The encryption unit 322 d reads the unique information from the uniqueinformation storage unit 310, and receives the concatenated informationfrom the concatenation unit 324. Next, the encryption unit 322 d appliesencryption algorithm E2 to the received concatenated information usingthe read unique key information as a key, thereby to generate encryptedconcatenated information, and outputs the encrypted concatenatedinformation to the write unit 331.

(Encryption Unit 323 d)

The encryption unit 323 d receives the title key from the title keygenerating unit 321 d, and reads the content 601 from the internalstorage unit 303. Next, the encryption unit 323 d applies encryptionalgorithm E3 to the read content using the received title key as a key,thereby to generate an encrypted content, and outputs the encryptedcontent to the write unit 332.

(Concatenation Unit 324)

The concatenation unit 324 receives the title key from the title keygenerating unit 321 d, and reads the usage condition from the usagecondition storage unit 305. Next, the concatenation unit 324concatenates the received title key with the read usage condition in thestated order to generate concatenated information, and outputs thegenerated concatenated information to the encryption unit 322 d.

(Decryption Unit 342 d)

The decryption unit 342 d receives the encrypted concatenatedinformation from the read unit 351, and reads the unique informationfrom the unique information storage unit 310. Next, the decryption unit342 d applies decryption algorithm D2 to the received, encryptedconcatenated information using the read unique information as a key,thereby to generate the concatenated information, and outputs thegenerated concatenated information to the split unit 344.

(Decryption Unit 343 d)

The decryption unit 343 d receives the encrypted content from the readunit 352, and the title key from the split unit 344. The decryption unit343 d then applies decryption algorithm D3 to the received encryptedcontent using the received title key as a key, thereby to generate thecontent, and writes the generate content into the internal storage unit303.

(Split unit 344)

The split unit 344 receives the concatenated information from thedecryption unit 342 d, and splits the received concatenated informationto generate the title key and the usage condition. The split unit 344then outputs the generated title key to the decryption unit 343 d, andwrites the generated usage information into the usage condition storageunit 305.

(3) Write Unit 331

The write unit 331 receives the encrypted concatenated information fromthe encryption unit 322 d, and writes the received, encryptedconcatenated information into the second external storage unit 411included in the memory card 400 d.

(4) Write Unit 332

The write unit 332 receives the encrypted content from the encryptionunit 323 d, and writes the received encrypted content into the firstexternal storage unit 412.

(5) Read Unit 351

The read unit 351 receives a read instruction from the control unit 366.

Upon receipt of the read instruction, the control unit 366 reads theencrypted concatenated information from the second external storage unit411 included in the memory card 400 d, and outputs the read encryptedconcatenated information to the decryption unit 342 d.

(6) Read Unit 352

The read unit 352 reads the encrypted content 602 from the firstexternal storage unit 412 included in the memory card 400 d, and outputsthe read encrypted content to the decryption unit 343 d.

(7) Control Unit 366

The control unit 366 receives a content write instruction and a contentread instruction from the input unit 365. Upon receipt of the writeinstruction or the read instruction, the control unit 366 outputs anauthentication instruction to the authentication unit 390.

Further, the control unit 366 receives from the authentication unit 390information indicative of whether the authentication has succeeded orfailed.

In the case of receiving the content write instruction from the inputunit 365 as well as the information indicative of successfulauthentication from the authentication unit 390, the control unit 366outputs a storage instruction to the title key generating unit 321 d ofthe encryption/decryption unit 380 d.

In the case of receiving the read instruction from the input unit 365and the information indicative of successful authentication from theauthentication unit 390, the control unit 366 outputs a read instructionto the read unit 351.

In the case of receiving the write instruction or the read instructionalong with the information indicative of unsuccessful authentication,the control unit 366 discards the received write instruction or readinstruction, and consequently no write operation or read operation isperformed.

3.3 Operations of Digital Work Distribution System 100 d

Hereinafter, description is given to the operations of the digital workdistribution system 100 d.

(1) Overall Operations of Digital Work Distribution System 100 d

First, description is given to the overall operations of the digitalwork distribution system 100 d with reference to the flowchart shown inFIG. 17.

The content purchasing unit 301 of the mobile phone 300 d receives thecontent ID from the input unit 365 to generate the payment information(step S251), and transmits the content ID and the payment information tothe content distribution server device 200 d (step S252).

The control unit 202 of the content distribution server device 200 dreceives the content ID and the payment information from the mobilephone 300 d (step S252), performs the processing to receive the paymentbased on the received payment information (step S253), reads from thecontent storage unit 201 the content identified by the received contentID (step S254), and transmits the read content to the mobile phone 300 d(step S255).

The content obtaining unit 302 of the mobile phone 300 d receives thecontent transmitted from the content distribution server device 200 d(step S255), and writes the received content into the internal storageunit 303 as the content 601 (step 5256).

In the case of receiving a content write instruction from the input unit365, the control unit 366 outputs an authentication instruction to theauthentication unit 390 (step S257). Upon receipt of the authenticationinstruction, the authentication unit 390 performs mutual authenticationwith the authentication unit 490 of the memory card 400 d (step S258).When the authentication is successfully performed, i.e., when receivinginformation indicative of successful authentication from theauthentication unit 390, the control unit 366 outputs a storageinstruction to the encryption/decryption unit 380 d (step S259, YES),and the encryption/decryption unit 380 d performs processing to storethe content (step S260). Alternatively, when the authentication isunsuccessful, i.e., when receiving the information indicative ofunsuccessful authentication from the authentication unit 390 (step S259,NO), the control unit 366 discards the content write instruction thathas been received. As a consequence, no storage processing is performed.

Alternatively, in the case of receiving a content read instruction fromthe input unit 365, the control unit 366 inputs an authenticationinstruction to the authentication unit 390 (step S257). Upon receipt ofthe authentication instruction from the control unit 366, theauthentication unit 390 performs mutual authentication with theauthentication unit 490 included in the memory card 400 d (step S261).When the authentication is successfully performed, i.e., when receivingthe information indicative of successful authentication from theauthentication unit 390 (step S262, YES), the control unit 366 outputs aread instruction to the read unit 351, and in response, the read unit351 performs read processing (step S263). Alternatively, when theauthentication is unsuccessful, i.e., when receiving the informationindicative of unsuccessful authentication from the authentication unit390 (step 5262, NO), the control unit 366 discards the read instructionthat has been received. As a consequence, no read processing isperformed.

Alternatively, in the case of receiving a content playback instructionfrom the input unit 365 (step S257), the control unit 366 instructs toperform playback processing (step S264).

(2) Operations for Mutual Authentication between Mobile Phone 300 d andMemory Card 400 d

Now, description is given to the operations performed for mutualauthentication between the mobile phone 300 d and the memory card 400 dwith reference to the flowchart shown in FIG. 18.

Note that the operations for mutual authentication described herein arethe details of the operations performed in the steps 5258 and 5261 shownin the flowchart in FIG. 17.

The authentication unit 390 of the mobile phone 300 d authenticates theauthentication unit 490 of the memory card 400 d (step S271). When theauthentication in this step is successfully performed (step S272, YES),then the authentication unit 490 authenticates the authentication unit390 (step S273).

When the authentication in this step is successfully performed (step5274, YES), the authentication unit 490 outputs to the control unit 366information indicative of successful authentication (step S275).

When the authentication in the step 5271 is unsuccessful (step 5272,NO), or when the authentication in the step S273 is unsuccessful (step5274, NO), the authentication unit 490 outputs to the control unit 366information indicative of unsuccessful authentication (step 5276).

(3) Operations for Storage Processing

Next, with reference to the flowchart shown in FIG. 19, description isgiven to the operations performed by the mobile phone 300 d for thestorage processing.

Upon receipt of the storage instruction from the control unit 366, thetitle key generating unit 321 d of the encryption/decryption unit 380 dgenerates a title key, and outputs the generated title key to theconcatenation unit 324 and encryption unit 323 d (step S281).

Next, the concatenation unit 324 receives the title key from the titlekey generating unit 321 d, and reads the usage condition from the usagecondition storage unit 305 (step 5282).

Next, the concatenation unit 324 concatenates the received title key andthe read usage condition in the stated order to generate concatenatedinformation, and outputs the generated concatenated information to theencryption unit 322 d (step S283).

Next, the encryption unit 322 d reads unique information from the uniqueinformation storage unit 310, and receives the concatenated informationfrom the concatenation unit 324 (step S284). Next, the encryption unit322 d applies encryption algorithm E2 to the received concatenatedinformation using the read unique information as a key, thereby togenerate encrypted concatenated information, and outputs the encryptedconcatenated information to the write unit 331 (step 5285). In response,the write unit 331 receives the encrypted concatenated information fromthe encryption unit 322 d, and writes the received, encryptedconcatenated information into the second external storage unit 411included in the memory card 400 d (step 5286).

Next, the encryption unit 323 d receives the title key from the titlekey generating unit 321 d, and reads the content 601 from the internalstorage unit 303 (step S287). Further, the encryption unit 323 d appliesencryption algorithm E3 to the read content using the received title keyas a key, thereby to generate an encrypted content, and outputs thegenerated encrypted content to the write unit 332 (step 5288). Inresponse, the write unit 332 receives the encrypted content from theencryption unit 323 d, and writes the received encrypted content to thefirst external storage unit 412 (step S289).

(4) Operations for Read Processing

Now, description is given to the operations performed by the mobilephone 300 d for read processing with reference to FIG. 20.

Upon receipt of the read instruction from the control unit 366, the readunit 351 reads the encrypted concatenated information from the secondexternal storage unit 411 included in the memory card 400 d, and outputsthe read encrypted concatenated information to the decryption unit 342 d(step S291). In response, the decryption unit 342 d receives theencrypted concatenated information from the read unit 351, reads theunique information from the unique information storage unit 310 (stepS292), applies decryption algorithm D2 to the received, encryptedconcatenated information using the read unique information as a key,thereby to generate the concatenated information, and then outputs thegenerated concatenated information to the split unit 344 (step S293).

Subsequently, the split unit 344 receives the concatenated informationfrom the decryption unit 342 d, and splits the received concatenatedinformation so as to generate the title key and the usage condition. Thesplit unit 344 then outputs the generated title key to the decryptionunit 343 d, and writes the regenerated usage condition into the usagecondition storage unit 305 (step S294).

Next, the read unit 352 reads the encrypted content 602 from the firstexternal storage unit 412 included in the memory card 400 d, and outputsthe read encrypted content to the decryption unit 343 d (step S295).Next, the decryption unit 343 d receives the encrypted content and thetitle key from the read unit 352 and the split unit 344, respectively,applies decryption algorithm D3 to the received encrypted content usingthe received title key as a key, thereby to generate the content (stepS296), and writes the generated content into the internal storage unit303 (step S297).

3.4 Overview

To write the content into the memory card 400 d, the mobile phone 300 dgenerates the title key, reads the usage condition, and concatenates thetitle key with the usage condition to generate the concatenatedinformation. Next, the mobile phone 300 d encrypts the concatenatedinformation using the unique information, and writes the encryptedconcatenated information into the second external storage unit 411included in the memory card 400 d. Next, the mobile phone 300 d readsthe content from the internal storage unit 303, encrypts the readcontent using the title key, and writes the encrypted content into thefirst external storage unit 412 included in the memory card 400 d.

To read the content from the memory card 400 d, the mobile phone 300 dreads the encrypted concatenated information from the second externalstorage unit 411 included in the memory card 400 d, and decrypts theread encrypted concatenated information using the unique information togenerate the concatenated information. The mobile phone 300 d thensplits the generated concatenated information to generate the title keyand the usage condition, and writes the generated usage condition intothe usage condition storage unit 305. Next, the mobile phone 300 d readsthe encrypted content from the first external storage unit 412 includedin the memory card 400 d, and decrypts the encrypted content using thetitle key as a key to generate the content, and writes the generatedcontent into the internal storage unit 303.

To play back the content, the mobile phone 300 d plays back the contentstored in the internal storage unit 303 in compliance with the usagecondition stored in the usage condition storage unit 305.

3.5 Operating Procedure Performed by User of Mobile Phone 300 d

Hereinafter, description is given to the operating procedure that theuser of the mobile phone 300 d performs.

(1) First, with the use of the content purchasing unit 301 of the mobilephone 300 d, the user selects and purchases a content from amongcontents each of which is provided with a usage condition and is storedin the content storage unit 201 of the content distribution serverdevice 200 d. Then, with the use of the content obtaining unit 302, theuser receives the content that he has purchased. The content and theusage condition are then stored respectively into the internal storageunit 303 and the usage condition storage unit 305 both of which areincluded in the mobile phone 300 d.(2) Next, in the case where the purchased content, for example, iskaraoke data and the usage condition attached thereto permits theplayback of the content up to ten times, the usage condition judgmentunit 306 permits the playback unit 304 to play back the karaoke data upto ten times.(3) Further, in the following procedure, the user may store into thememory card 400 d the content 601 and the usage condition that arerespectively stored in the internal storage unit 303 and the usagecondition storage unit 305 both of which are included in the mobilephone 300 d.

(3.1) The user attaches the memory card 400 d to the mobile phone 300 d,and selects an operation to store the purchased content which isprovided with the usage condition into the memory card.

(3.2) In response, a title key that is unique to each content isgenerated by the title key generating unit 321 d. The generated titlekey is then concatenated with the usage condition by the concatenationunit 324 to generate concatenated information. The concatenatedinformation is encrypted by the encryption unit 322 d using the uniqueinformation stored in the unique information storage unit 310. Providedthat the mutual authentication is successfully performed between theauthentication unit 390 of the mobile phone 300 d and the authenticationunit 490 of the memory card 400 d, the encrypted concatenatedinformation is stored by the write unit 331 into the second externalstorage unit 411 included in the memory card 400 d. Next, the contentstored in the internal storage unit 303 is encrypted by the encryptionunit 323 d using the title key, and the encrypted content is stored inthe first external storage unit 412 included in the memory card 400 d.

(4) Still further, the user may extract the usage condition and thecontent from the encrypted concatenated information and the encryptedcontent 602 that are stored in the memory card 400 d, and store theextracted content and usage condition into the internal storage unit 303of the mobile phone 300 d in the following procedure.

(4.1) The user attaches the memory card 400 d to the mobile phone 300 d,and selects an operation to fetch from the memory card 400 d theencrypted content which is provided with the usage condition.

(4.2) In response, the mutual authentication is performed between theauthentication unit 390 of the mobile phone 300 d and the authenticationunit 490 of the memory card 400 d. Provided that the mutualauthentication is successful, the encrypted concatenated informationstored in the second external storage unit 411 is read by the read unit351. The read encrypted concatenated information is then decrypted bythe decryption unit 342 d using the unique information stored in theunique information storage unit 310. The decrypted concatenatedinformation is then split so as to generate the title key and the usagecondition. The usage condition is stored into the usage conditionstorage unit 305. Further, the encrypted content stored in the firstexternal storage unit 412 included in the memory card 400 d is read bythe read unit 352. The read content is then decrypted by the decryptionunit 343 d using the title key to generate a decrypted content, and thedecrypted content is stored in the internal storage unit 303.

3.6 Other

(1) In the above embodiment of the present invention, the description isgiven to the procedure for storing into the memory card the purchasedcontent which is provided with the usage condition. Yet, whether thecontent has been purchased is not an essential matter to the presentinvention. That is, for example, the above procedure is applicable to acontent which is provided as a free sample with a certain usagecondition.(2) DES encryption is one example of the encryption system employed inthe encryption units 322 d and 323 d and the decryption units 342 d and343 d.

In the case of employing DES encryption, the unique information storedin the unique information storage unit 310 may be a unique key having 56bits. Alternatively, the telephone number allotted to the mobile phonemay be used as the unique information. In the latter case, it ispreferable to employ a secret conversion function that returns a 56-bitunique key in response to input of the telephone number. Here, oneexample of such a conversion function is to use DES encryption in thefollowing manner. That is, the telephone number is subjected to DESencryption using a secret unique value having 56 bits to output a valuehaving 64 bits. The last 56 bits of the outputted value are used as theunique information.

(3) Further, the unique information storage unit 310, the internalstorage unit 303, and the usage condition storage unit 305 are protectedfrom being read or written from any external device other than aspecially permitted device, such as a later-described model changedevice. To be more specific, each of the unique information storage unit310, the internal storage unit 303, and the usage condition storage unit305 is composed of tamper-resistant hardware, tamper-resistant software,or a combination of the two.(4) Still further, the unique information storage unit 310 and the usagecondition storage unit 305 may be constructed within a card such as SIMthat is attachable to and detachable from the mobile phone.(5) Still further, at the time of encrypting the content using the DESencryption, the content is divided into data blocks each having 64 bits,and then each data block is encrypted using the 56-bit unique key togenerate a 64-bit encrypted data block. The thus generated encrypteddata blocks are then concatenated together, and the concatenatedencrypted data blocks are outputted as the encrypted content.(6) With the above construction, a content which is provided with ausage condition is played back only under the conditions conforming tothe usage condition.

Further, generally speaking, the internal storage unit 303 of the mobilephone 300 d is limited in its memory capacity. Conventionally, thislimitation results in the following problem. In the case the internalstorage unit is full with digital works, the user is required to deletesome of the digital works stored in the internal storage unit to securea free memory space before purchasing another digital work, or otherwisehe simply has to give up purchasing another digital work.

However, according to embodiment 3, similarly to the embodiments 1 and2, the user is allowed to store some of the digital works stored in theinternal storage unit 303 of the mobile phone 300 d into the memory card400 d attached the mobile phone 300 d when he decides not to use thedigital works any time soon. In this manner, a free memory space issecured in the internal storage unit 303 of the mobile phone 300 dwithout losing the rights to play back those digital works he haspurchased. As a consequence, the user is allowed to purchase some moredigital works to store into the internal storage unit 303.

(7) With the above construction, when a content is encrypted and storedin a memory card attached to a certain mobile phone, the encryptedcontent is not possibly decrypted or played back by any mobile phoneother than that particular mobile phone.

That is to say, embodiment 3 achieves an effect of meeting copyholders'demand that a content stored into a memory card using a certain mobilephone be prohibited from being decrypted or played back using any othermobile phone although the memory card is attached thereto.

4. Preferred Embodiment 4

Now, description is given to another preferred embodiment 4.

4.1 Model Change System 600 e

Here, description is given to a model change system 600 e.

The model change system 600 e aims to provide a model change device usedto change a record/playback device, such as a mobile phone, that isusable under a contract made between a user and a service provider to anew record/playback device due to a change of the contract. Upon themodel change with this model change device, digital works stored in theoriginally used record/playback device are available for the newrecord/playback device with no processing performed on the digitalworks.

For example, upon release of new mobile phones having additionalfeatures, a user may want to change a mobile phone that he currentlyuses to a new one. In such a case, the user is allowed to use the newmobile phone with the same telephone number that is originally allottedto the current one. This is done by re-allotting the telephone numberthat is originally allotted to the current mobile phone to the newmobile phone. Such re-allotting of a certain telephone number that isallotted to a certain mobile phone to another mobile phone is referredto as model change of mobile phones.

After the model change as described above, the contents that have beenpurchased and stored in the mobile phone of the embodiment 1, 2, or 3are not usable with the new mobile phone. Description as to why suchcontents will not be played back has been already given above.

It is disadvantageous to the user if the contents that the user haspurchased and stored in the memory card become non-usable due to themodel change. The model change system 600 e aims to address thisproblem.

(Construction of Model Change System 600 e)

As shown in FIG. 21, the model change system 600 e is composed of amobile phone A 300 e, a model change device 500, and a mobile phone B300 f. The mobile phone A 300 e and the mobile phone B 300 f areseparately connected to the model change device 500.

The mobile phone A 300 e has a construction similar to that of any ofthe mobile phones described in the above embodiments 1, 2 and 3, exceptfor a unique information storage unit 310 e. Note that the othercomponents are not illustrated in the figure for simplicity' s sake. Theunique information storage unit 310 e prestores unique information.

Further, the mobile phone B 300 f has a construction similar to that ofany of the mobile phones described in the above embodiments 1, 2 and 3,except for a unique information storage unit 310 f. Note that the othercomponents are not illustrated in the figure for simplicity's sake. Theunique information storage unit 310 f has a storage area for storing theunique information.

The model change device 500 is composed of an information read unit 501and an information write unit 502.

The information read unit 501 reads the unique information stored in theunique information storage unit 310 e that is included in the mobilephone A 300 e, and successively deletes the unique information from theunique information storage unit 310 e. The information read unit 501then outputs the read information to the information write unit 502.

The information write unit 502 receives the unique information from theinformation read unit 501, and writes the received unique informationinto the unique information storage unit 310 f that is included in themobile phone B 300 f. Here, the unique information is information thatis unique to the mobile phone A 300 e. Examples of the uniqueinformation include the telephone number allotted to the mobile phone A300 e, and a random number that is randomly generated and allotted tothe mobile phone A 300 e.

(Operations of Model Change System 600 e)

Now, description is given to the operations of the model change system600 e with reference to the flowchart shown in FIG. 22.

The information read unit 501 reads the unique information from theunique information storage unit 310 e (step 5301), and successivelydeletes the unique information from the unique information storage unit301 e (step S302). Next, the information write unit 502 writes theunique information that is received from the information read unit 501into the unique information storage unit 310 f (step S303).

(Overview)

With the above construction, the mobile phone B is allowed to read andplay back the contents that have been purchased and stored into thememory card using the mobile phone A without performing any processingon the contents.

4.2 Model Change System 600 g

Here, description is given to a model change system 600 g.

As shown in FIG. 23, the model change system 600 g is composed of amobile phone A 300 g, the model change device 500, and a mobile phone B300 h. The mobile phone A 300 g and the mobile phone B 300 h areseparately connected to the model change system 500.

The mobile phone A 300 g has a construction similar to that of any ofthe mobile phones described in the embodiment 2 and 3, except for aunique information storage unit 310 g and a usage condition storage unit305 g. Note that the other components are not illustrated in the figurefor simplicity' s sake. The unique information storage unit 310 gprestores unique information, and the usage condition storage unit 305 gprestores the usage condition.

The mobile phone B 300 h has a construction similar to that of themobile phone described in the embodiment 2 or 3, except for a uniqueinformation storage unit 310 h and a usage condition storage unit 305 h.Note that the other components are not illustrated in the figure forsimplicity' s sake. The unique information storage unit 310 h has astorage area for storing the unique information, and the usage conditionstorage unit 305 h has a storage area for storing the usage condition.

The model change system 500 is composed of an information read unit 501and an information write unit 502.

The information read unit 501 reads the unique information from theunique information storage unit 310 g that is included in the mobilephone A 300 g, and reads the usage condition from the usage conditionstorage unit 305 g. Subsequently, the information read unit 501 deletesthe unique information and the usage condition from the uniqueinformation storage unit 310 e and the usage condition storage unit 305g, respectively. Next, the information read unit 501 outputs the readunique information and usage condition to the information write unit502.

In response, the information write unit 502 receives the uniqueinformation and usage condition from the information read unit 501.Next, the information write unit 502 writes the received uniqueinformation and usage condition respectively into the unique informationstorage unit 310 h and the usage condition storage unit 305 h both ofwhich are included in the mobile phone B 300 h.

With the above construction, the mobile phone B is allowed to read andplay back the contents that have been purchased and stored into thememory card by the mobile phone A without processing the contents atall.

4.3 Modification

Normally, in order for model change or cancellation of contract, mobilephone users need to bring his mobile phone to a mobile phone serviceprovider typified by “DoCoMo shop” where processing for model change orcancellation of contract is performed. Here, “cancellation of contract”refers to cancellation of the contract that has been made between amobile phone user and a mobile phone service provider. Aftercancellation of a contract, the telephone number allotted to a mobilephone under the contract is no longer usable.

Hereinafter, description is given to a model change system whicheliminates user' s trouble to make a trip to a service provider shop atthe time of canceling his contract.

At the time of model change or cancellation of a contract, requirementssuch as the following must be fulfilled.

(Requirement A)

Upon model change of mobile phone, it is required that a new mobilephone (a newly purchased mobile phone) replacing a current one will beallowed to play back the contents stored in the memory card. In return,it is required that the mobile phone to be replaced (the mobile phonecurrently in use) will be no longer allowed to play back the contentsstored in the memory card.

(Requirement B)

Even after the contract for a mobile phone is cancelled, it is requiredthat the contents stored in the memory card be still played back by themobile phone. That is to say, after the cancellation of the contract,the mobile phone no longer works as a telephone, but still works as aplayback device for playback of the contents that have been purchasedearlier.

(Requirement C)

Even when a service provider of mobile phones (carrier) is changed toanother one, it is required that the content stored in the memory cardstill be played back by the mobile phone that is usable under operationsby the new carrier. For example, even after the mobile phone serviceprovider is changed from “DoCoMo” to “au”, the mobile phone still needsto be allowed to play back the contents stored in the memory card.

(1) Model Change System 600 m

A model change system 600 m aims to meet “Requirement A” above. To thisend, the model change system 600 m stores the unique information storedin the mobile phone that is currently in use to a new mobile phone via acommunications network, and successively deletes the unique informationfrom the current mobile phone via a communications network.

As shown in FIG. 24, the model change system 600 m is composed of amobile phone A 300 m, a mobile phone B 300 n, a personal computer (PC)650, and a model change device 500 m. The PC 650 and the model changedevice 500 m are connected with each other via the Internet 10. Themobile phone A 300 m is a mobile phone that is currently in use and tobe replaced, and the mobile phone B 300 n is a new mobile phonereplacing the current one.

(Mobile Phone A 300 m)

The mobile phone A 300 m has a construction similar to that of any ofthe mobile phones described in the embodiment 1, 2, and 3, except for aunique information storage unit 310 m. Additionally, the mobile phone A300 m includes a judgment unit 360 m. Note that the other components arenot illustrated in the figure for simplicity' s sake.

The unique information storage unit 310 m prestores unique information.

The judgment unit 360 m, when the mobile phone A 300 m is connected tothe model change device 500 m via the PC 650 and the Internet 10,receives from the model change device 500 m first model changeinformation which will be described later. The judgment unit 360 m thenjudges whether the received first model change information is validinformation based on signature information included in the first modelchange information. Since the technique of judging authenticity of thefirst model change information is known as a digital signaturetechnique, the detailed description thereof is omitted. When judgingthat the information is valid, the judgment unit 360 m, following a readinstruction included in the first model change information, reads theunique information from the unique information storage unit 310 m, andtransmits the read unique information to the model change device 500 mvia the PC 650 and the Internet 10. In addition, when judging that theinformation is valid, the judgment unit 360 m, following a deleteinstruction included in the first model change information, deletes theunique information from the unique information storage unit 310 m.Alternatively, when judging that the information is invalid, thejudgment unit 360 m simply discards the received first model changeinformation, and performs no operation.

(Mobile Phone B 300 n)

The mobile phone B 300 n has a construction similar to that of any ofthe mobile phones described in embodiment 1, 2, and 3, except for aunique information storage unit 310 n. Additionally, the mobile phone B300 n includes a judgment unit 360 n. Note that the other components arenot illustrated in the figure for simplicity's sake.

The unique information storage unit 310 n has a storage area for storingthe unique information.

The judgment unit 360 n, when the mobile phone B 300 n is connected tothe model change device 500 m via the PC 650 and the Internet 10,receives from the model change device 500 m second model changeinformation, which will be described later, and judges whether thereceived second model change information is valid information based onsignature data included in the second model change information. Whenjudging that the information is valid, the judgment unit 360 n,following a write instruction included in the second model changeinformation, extracts the unique information from the second modelchange information, and writes the extracted unique information into theunique information storage unit 310 n. Alternatively, when judging thatthe information is invalid, the judgment unit 360 n simply discards thereceived second model change information, and performs no operation.

(PC 650)

To be more specific, the PC 650 is a computer system composed of, forexample, a microprocessor, ROM, RAM, a hard disk unit, a display unit, akeyboard, a mouse, a LAN connecting unit, and a connecting unit for amobile phone. The RAM or the hard disk unit used in the computer systemstores a computer program. The PC 650 performs its function by themicroprocessor operating in accordance with the computer program.

Upon receipt of a user operation for model change, the PC 650 transmitsa model change instruction to the model change device 500 m via theInternet 10.

Successively, the PC 650 performs transmission of information betweenthe mobile phone A 300 m and the model change device 500 m via theInternet 10. The PC 650 then performs transmission of informationbetween the mobile phone B 300 n and the model change device 500 m viathe Internet 10.

(Model Change Device 500 m)

The model change device 500 m has a construction similar to that of themodel change device 500, and additionally includes atransmission/reception unit 505.

The transmission/reception unit 505 receives the model changeinstruction from the PC 650 via the Internet 10. Upon receipt of themodel change instruction, the transmission/reception unit 505 generatesfirst model change information. Here, the first model change informationincludes signature data indicating the self-authenticity, a readinstruction instructing to read the unique information, and a deleteinstruction instructing to delete the unique information. Next, thetransmission/reception unit 505 transmits the generated first modelchange information to the mobile phone A 300 m.

Further, the transmission/reception unit 505 receives the uniqueinformation from the mobile phone A 300 m.

Next, the transmission/reception unit 505 generates second model changeinformation. Here, the second model change information includessignature data indicating the self-authenticity, a read instructioninstructing to read the received unique information, and a writeinstruction instructing to write the unique information. Next, thetransmission/reception unit 505 transmits the generated second modelchange information to the mobile phone B 300 n.

(Operations of Model Change System 600 m)

Now, description is given to the operations of model change system 600 mwith reference to the flowchart shown in FIG. 25.

At this stage, the user connects both the mobile phone A 300 m and themobile phone B 300 n to the PC 650.

Upon receipt of a user operation for model change (step S501), the PC650 transmits a model change instruction to the model change device 500m via the Internet 10 (step S502).

In response, the transmission/reception unit 505 included in the modelchange device 500 m receives the model change instruction from the PC650 via the Internet 10 (step S502), generates the first model changeinformation (step S503), and transmits the generated first model changeinformation to the mobile phone A 300 m (step S504).

Upon receipt of the first model change information (step S504), thejudgment unit 360 m included in the mobile phone A 300 m reads theunique information from the unique information storage unit 310 m (stepS505), and transmits the read unique information to the model changedevice 500 m via the PC 650 and the Internet 10 (step S506). Thejudgment unit 360 m then deletes the unique information from the uniqueinformation storage unit 310 m (step S507).

Upon receipt of the unique information from the mobile phone A 300 m(step S506), the transmission/reception unit 505 of the model changedevice 500 m generates the second model change information (step S508),and transmits the generated second model change information to themobile phone B 300 n (step S509).

Upon receipt of the second model change information from the modelchange device 500 m (step S509), the judgment unit 360 n of the mobilephone B 300 n extracts the unique information from the second modelchange information, and writes the extracted unique information into theunique information storage unit 310 n (step S510).

(2) Modification

Here, description is given to a modification of the model change system600 m aiming to meet “Requirement B” mentioned above.

In the modification described herein, the unique information stored in amobile phone is generated from unique information other than thetelephone number allotted to that mobile phone. Thus, contents stored inthe memory card have been encrypted not with the telephone number butwith another type of unique information. In other words, the contentsare bound to unique information other than a telephone number, and thenstored in a recording medium.

Further, at the time of cancellation of the contract, the telephonenumber allotted to and stored in the mobile phone to be canceled isdeleted so as to disable the telephone number. Yet, the mobile phonestill holds the unique information so as to allow playback of thecontent.

The modified model change system 600 m has a construction similar to themodel change system 600 m. To be more specific, the modified modelchange system 600 m is composed of the mobile phone A 300 m, the PC 650,and the model change device 500 m. The PC 650 and the model changedevice 500 m are connected to each other via the Internet 10. Here, themobile phone A 300 m is the phone that the user is going to cancel itscontract.

The unique information storage unit 310 m of the mobile phone A 300 mstores information unique to the mobile phone A 300 m, such as a randomnumber allotted to the mobile phone A 300 m, as well as the telephonenumber allotted to the mobile phone A 300 m.

The user connects the mobile phone A 300 m to the PC 650, and performsoperations for canceling the contract of the mobile phone using the PC650.

Upon receipt of the user operation for the cancellation, the PC 650outputs a cancellation instruction to the mobile phone A 300 m.

In response, the judgment unit 360 m of the mobile phone A 300 mreceives the cancellation instruction. Upon receipt of the cancellationinstruction, the judgment unit 360 m reads the telephone number from theunique information storage unit 310 m, and transmits the read telephonenumber to the model change device 500 m via the PC 650 and the Internet10.

In response, the transmission/reception unit 505 of the model changedevice 500 m receives the telephone number via the PC 650 and theInternet 10, and performs processing for the cancellation based on thereceived telephone number.

(3) Modification

Here, description is given to another modification of the model changesystem 600 m aiming to meet “Requirement C” mentioned above.

Generally speaking, when the mobile phone carrier is changed to anotherone, the telephone number is changed as well. For this reason, in themodification described herein, the unique information stored in themobile phone is generated not from the telephone number but from anothertype of unique information. Thus, contents stored in the memory cardhave been encrypted not with the telephone number but with another typeof unique information. In other words, the contents are bound to uniqueinformation other than the telephone number and then stored in arecording medium. Further, the unique information is held stored withinthe mobile phone even after the change of carrier.

The modified model change system 600 m has a construction similar to themodel change system 600 m. To be more specific, the modified modelchange system 600 m is composed of the mobile phone A 300 m, the PC 650,and the model change device 500 m. The PC 650 and the model changedevice 500 m are connected to each other via the Internet 10. Here, themobile phone A 300 m is the phone that the user is going to change itscarrier.

Here, the description is given to the operations of the modified modelchange system 600 m with reference to the flowchart shown in FIG. 26.

The unique information storage unit 310 m of the mobile phone A 300 mstores information unique to the mobile phone A 300 m, such as a randomnumber allotted to the mobile phone A 300 m, as well as the telephonenumber originally allotted to the mobile phone A 300 m.

The user connects the mobile phone A 300 m to the PC 650, and performsoperations for cancellation of the mobile phone using the PC 650.

Upon receipt of the user operation for changing the service provider(step S531), the PC 650 outputs to the mobile phone A 300 m a readinstruction instructing to read the current telephone number (stepS532). In response, the judgment unit 360 m included in the mobile phoneA 300 m reads the current telephone number from the unique informationstorage unit 310 m, and outputs the read current telephone number to thePC 650 (step S534).

In response, the PC 650 receives the current telephone number from themobile phone A 300 m (step S534), generates a carrier changeinstruction, and transmits the generated carrier change instructionalong with the received current telephone number to the model changedevice 500 m via the Internet 10 (step S535).

The transmission/reception unit 505 of the model change device 500 mperforms processing to cancel the contract of the current telephonenumber (step S536). Then, transmission/reception unit 505 performsprocessing to make a new contract with a service provider (step S537),performs an operation for a new telephone number setting (step S538),and transmits the newly set telephone number to the PC 650 via theInternet 10 (step S539).

In response, the PC 650 receives the new telephone number (step S539),and outputs the received new telephone number to the mobile phone A 300m (step S540).

Upon receipt of the new telephone number (step S539), the judgment unit360 m of the telephone number A 300 m deletes the current telephonenumber from the unique information storage unit 310 m (step S541), andwrites the received new telephone number into the unique informationstorage unit 310 m (step S542).

(4) Other Modification

The above description is given to model change systems each of whichmeets “Requirement A, B, or C”. Each of these model change systemsperforms model change, cancellation of the contract, or change of thecarrier via the Internet.

Yet, the techniques employed in the model change systems meeting“Requirement A, B, or C” may be applied to a model change system thatdoes not involve Internet connection. That is to say, the above modelchange system 600 e which does not involve Internet connection may beconstructed to meet the “Requirement A, B, or C”. Similarly, the abovemodel change system 600 g which does not involve Internet connection maybe constructed to meet the “Requirement A, B, or C”.

4.4 Other

The mobile phone in the above embodiment 4 may be constructed to haveits unique information storage unit within a SIM card. In this case,upon model change, the user detaches the SIM card from the mobile phoneA, and attaches the SIM card that is detached from the mobile phone A tothe mobile phone B. Alternatively, upon model change, the model changedevice may perform detachment of the SIM card from the mobile phone Aand attachment of that SIM card to the mobile phone B.

As apparent from the above description, the internal storage unit 303 ofthe mobile phone consistent with the present invention is generallylimited in its memory capacity. Conventionally, this limitation resultsin the following problem. In the case the internal storage unit is fullwith digital works, the user is required to delete some of the digitalworks stored in the internal storage unit to secure a free memory spacebefore purchasing another digital work, or he simply has to give uppurchasing another digital work.

However, according to the present invention, a user is allowed to storesome of the digital works stored in the internal storage area of themain device, i.e., the mobile phone, into a recording medium attachedthe main device when he decides not to use the digital works any timesoon. In this manner, a free memory space is secured in the internalstorage area of the main device without losing the rights to play backthose digital works he has purchased. As a consequence, the user isallowed to purchase and store some more digital works into the internalstorage area.

Further, with the above construction, a content encrypted and stored bya certain main device into a recording medium is not possibly decryptedand played back by any other main device although the recording mediumis attached thereto. That is to say, the present invention achieves aneffect of meeting copyholders' demand that a content stored by a certainmain device into a recording medium device attached thereto beprohibited from being decrypted or played back using any other maindevice although the recording medium device is attached thereto.

Still further, the present invention achieves the effect that a contentprovided with a certain usage condition is permitted to be played backonly when the usage condition is met.

Still further, the present invention achieves the following effect uponmodel change from a certain main device to another main device. That is,a new main device that has replaced an originally used main device ispermitted to read and playback the contents that have been purchased andstored in a recording medium device by the original main device withoutapplying processing to the contents.

5. Preferred Embodiment 5

Now, description is given to a digital work distribution system 100 i(not illustrated) consistent with preferred embodiment 5 of the presentinvention.

The digital work distribution system 100 i has a construction similar tothat of the digital work distribution system 100. Thus, description isgiven mainly to the differences with the digital work distributionsystem 100.

The digital work distribution system 100 i includes a mobile phone 300 iand a memory card 400 i or a memory card 400 p instead of the mobilephone 300 and the memory card 400, respectively.

The user attaches either of the memory cards 400 i or 400 p to themobile phone 300 i.

5.1 Construction of Memory Card 400 i

As shown in FIG. 27, the memory card 400 i is composed of a type storageunit 414, an authentication unit 490, a first external storage unit 412,and a second external storage unit 411.

The type storage unit 414 prestores information showing a second typethat is the type of the memory card 400 i.

The authentication unit 490 performs challenge-response type mutualauthentication with the authentication unit 390 included in the mobilephone 300 i.

The first external storage unit 412 has a storage area for storing theencrypted content.

The second external storage unit 411 is a memory unit that is permittedto be read and written from another end, i.e., the mobile phone 300 ionly after authentication by the authentication unit 490 has beensuccessfully performed. The second external storage unit 411 has astorage area for storing encrypted concatenated information, which willbe described later.

5.2 Construction of Memory Card 400 p

As shown in FIG. 27, the memory card 400 p is composed of a type storageunit 415 and an external storage unit 410.

The type storage unit 415 prestores information showing a first typethat is the type of the memory card 400 p.

The first external storage unit 410 has a storage area for storing theencrypted content.

Here, the memory card 400 i and the memory card 400 p differ in that thememory card 400 i has the authentication unit while the memory card 400p does not.

5.3 Mobile Phone 300 i

As shown in FIG. 27, the mobile phone 300 i includes a firstencryption/decryption unit 382 and a second encryption/decryption unit381 instead of the encryption/decryption unit 380 that the mobile phone300 includes. Further, the mobile phone 300 i includes a type read unit391 and the authentication unit 390. In other respects, the mobile phone300 i includes components similar to those of the mobile phone 300.

(1) Type Read Unit 391

When either the memory card 400 i or the memory card 400 p is attachedto the mobile phone 300 i, the type read unit 391 reads the second typeinformation from the type storage unit 414 of the memory card 400 i ifthe memory card 400 i is attached, or reads the first type informationfrom the type storage unit 415 of the memory card 400 p if the memorycard 400 p is attached.

Successively, the type read unit 391 outputs the first type informationor second type information whichever is read to the control unit 366 i.

(2) Control Unit 366 i

The control unit 366 i receives the first type information or the secondtype information from the type read unit 391.

In the case of receiving the first type information, the control unit366 i instructs the first encryption/decryption unit 382 to performencryption/decryption processing.

In the case of receiving the second type information, the control unit366 i first instructs the authentication unit 390 to perform mutualauthentication with the memory card 400 i. Upon receiving informationindicative of successful authentication from the authentication unit390, the control unit 366 i instructs the second encryption/decryptionunit 381 to perform encryption/decryption processing. Alternatively,upon receiving information indicative of unsuccessful authenticationfrom the authentication unit 390, the control unit 366 i terminates theprocessing.

(3) Authentication Unit 390

Upon receipt of an authentication instruction from the control unit 366i, the authentication unit 390 performs challenge-response type mutualauthentication with the authentication unit 490 of the memory card 400i, and then outputs to the control unit 366 i information showingwhether the authentication has been performed successfully orunsuccessfully.

(4) Second Encryption/Decryption Unit 381

The second encryption/decryption unit 381 has a construction similar tothat of the encryption/decryption unit 380 b.

That is, the second encryption/decryption unit 381 generates a titlekey, and encrypts the title key using a unique key to generate anencrypted title key. The second encryption/decryption unit 381 alsoencrypts a content using the title key to generate an encrypted content.

In addition, the second encryption/decryption unit 381 decrypts theencrypted title key that is read from the memory card 400 i to generatethe title key, and then decrypts the encrypted content that is read fromthe memory card 400 i using the generated title key to generate thecontent.

(5) First Encryption/Decryption Unit 382

The first encryption/decryption unit 382 has a construction similar tothe encryption/decryption unit 380.

That is, the first encryption/decryption unit 382 encrypts a contentusing a unique key to generate an encrypted content. Alto, theencryption/decryption unit 382 decrypts the encrypted content that isread from the memory card 400 p using the unique key to generate thecontent.

5.4 Operations of Digital Work Distribution System 100 i

Now, description is given to the operations of digital work distributionsystem 100 i with reference to the flowchart shown in FIG. 28.

When either the memory card 400 i or the memory card 400 p is attachedto the mobile phone 300 i, the type read unit 391 reads the second typeinformation from the type storage unit 414 of the memory card 400 i ifthe memory card 400 i is attached, or reads the first type informationfrom the type storage unit 415 of the memory card 400 p if the memorycard 400 p is attached. The type read unit 391 outputs the read firsttype information or second type information to the control unit 366 i(step 5351).

Upon receipt of the first type information (step S352), the control unit366 i instructs the first encryption/decryption unit 382 to performencryption/decryption processing. In response, the firstencryption/decryption unit 382 performs encryption/decryption processing(step S358).

On the other hand, upon receipt of the second type information (stepS352), the control unit 366 i first instructs the authentication unit390 to perform mutual authentication. In response, the authenticationunit 390 authenticates the authentication unit 490 of the memory card400 i (step S353). When the authentication is successful (step 5354,YES), the authentication unit 390 waits for the authentication unit 490of the memory card 400 i to authenticate the authentication unit 390(step S355). When the authentication by the authentication unit 490 issuccessful (step 5356, YES), the control unit 366 i instructs the secondencryption/decryption unit 381 to perform encryption/decryptionprocessing. In response, the second encryption/decryption unit 381performs encryption decryption processing (step S357).

In the case authentication in the step S354 or in the step S356 isunsuccessful, the control unit 366 i terminates the processing.

5.5 Overview

As described above, in embodiment 5, the mobile phone judges whether amemory card attached thereto includes an authentication unit based onthe memory card type. When judging that the memory card includes anauthentication unit, the mobile phone performs encryption/decryptionprocessing with the second encryption/decryption unit. Alternatively,when judging that the memory card does not include an authenticationunit, the mobile phone performs encryption/decryption processing withthe first encryption/decryption unit.

6. Preferred Embodiment 6

Now, description is given to a digital work distribution system 100 j(not illustrated) consistent with preferred embodiment 6 of the presentinvention.

The digital work distribution system 100 j has a construction similar tothat of the digital work distribution system 100 c. Thus, description isgiven mainly to the differences with the digital work distributionsystem 100 c.

The digital work distribution system 100 j includes a contentdistribution server device 200 j, a mobile phone 300 i, and a memorycard 400 j instead of the content distribution server device 200, themobile phone 300, and the memory card 400, respectively. The digitalwork distribution system 100 j further includes a payment device (notillustrated). The content distribution server device 200 j and thepayment device are connected to each other via the Internet 10.

(1) Content Distribution Server Device 200 j

As shown in FIG. 29 by way of example, the content storage unit 201 ofthe content distribution server device 200 j includes a rightinformation table 610.

The right information table 610 has a plurality of storage areas eachfor storing usage information composed of a user ID and usage rightinformation. The user ID is an identifier for identifying a user.

The content ID is an identifier for identifying a content.

The usage right information is the right of the user to use the content.

(2) Memory Card 400 j

As shown in FIG. 30 by way of example, the memory card 400 j includes afirst external storage unit 412 j and a second external storage unit 411j.

The first external storage unit 412 j has a storage area for storing anencrypted content. The second external storage unit 411 j has a storagearea for storing usage information composed of the content ID and theusage right information.

Note that the second external storage unit 411 j is readable andwritable only after the mobile phone 300 j and the memory card 400 j aremutually authenticated.

(3) Mobile Phone 300 j

The mobile phone 300 j prestores the user identifier for identifying theuser of the mobile phone 300 j.

(4) Operations of Digital Work Distribution System 100 j

With reference to the flowchart shown in FIGS. 31 and 32, description isgiven to the operations of the digital work distribution system 100 j.

First, description is given to the operations performed to obtain acontent from the content distribution server device 200 j.

Upon receipt of a content ID from the input unit 365, the contentpurchasing unit 301 of the mobile phone 300 j transmits to the contentdistribution server device 200 j the content ID together with the userID that is stored therein (step S371).

Upon receipt of the user ID and the content ID (step S371), the contentdistribution server device 200 j calculates a content fee using thereceived content ID (step S372), and transmits to the payment device theuser ID, the content, ID and the calculated content fee (step S373).

Upon receipt of the user ID, the content ID, and the content fee (stepS373), the payment device performs the payment processing for the useridentified by the received user ID to make the payment according to thereceived content fee, and generates a payment certificate (step S374),and transmits the user ID, the content ID, and the payment certificateto the content distribution server device 200 j (step S375).

Upon receipt of the user ID, the content ID, and the payment certificate(step S375), the content distribution server device 200 j reads thecontent that corresponds to the received content ID from the contentstorage unit 201 (step S376), generates the usage right information forthe read content (step S377), and writes the received user ID andcontents ID in association with the generated usage right informationinto the right information table 610 provided in the content storageunit 201 (step S378). Next, the content distribution server device 200 jtransmits the read content, the generated usage right information, andthe received content ID to the mobile phone 300 j (step S379).

Upon receipt of the content, the usage right information, and thecontent ID (step S379), the mobile phone 300 j encrypts the receivedcontent and stores the encrypted content into the first external storageunit 412 j included in the memory card 400 j (step S380). Further, themobile phone 300 j writes the received usage right information andcontent ID in association with each other into the second externalstorage unit 411 j included in the memory card 400 j (step S381).

Next, description is given to the operations for re-obtaining the onceobtained content in the case where, for example, the user deletes theencrypted content stored in the memory card 400 j by mistake.

The mobile phone 300 j reads the content ID together with thecorresponding usage right information from the second external storageunit 411 j included in the memory card 400 j (step S391), and transmitsto the content distribution sever device 200 j the read content ID andusage right information together with the user ID (step S392).

Upon receipt of the user ID, the content ID, and the usage rightinformation (step S392), the content distribution server device 200 jjudges whether the right information table 610 includes the same set ofuser ID and content ID as the received set (step S393). When judgingthat the same set of user ID and content ID are present in the rightinformation table 610 (step S393, YES), the content distribution serverdevice 200 j reads from the content storage unit 201 the contentcorresponding to the received content ID (step S394), and then transmitsthe read content to the mobile phone 300 j (step S395).

In response, the mobile phone 300 j receives the content (step S395),and encrypts the received content to write into the memory card 400 j(step S396).

Alternatively, when judging that the same set of user ID and content IDas the received set is not present in the right information table 610(step 393, NO), the content distribution server device 200 j discardsthe received user ID, content ID, and usage right information, andperforms no other operations.

7. Preferred Embodiment 7

Now, description is given to a digital work distribution system 100 k(not illustrated) consistent with preferred embodiment 7 of the presentinvention.

The digital work distribution system 100 k has a construction similar tothe digital work distribution system 100 c. Thus, description is givenmainly to the differences with the digital work distribution system 100c.

The digital work distribution system 100 k includes a contentdistribution server device 200 k, a mobile phone 300 k, and a memorycard 400 k instead of the content distribution server device 200 c, themobile phone 300 c, and the memory card 400, respectively.

(1) Content Distribution Server Device 200 k

As shown in FIG. 33 as one example, the content storage unit 201 of thecontent distribution server device 200 k includes a content informationtable 620.

The content information table 620 includes a plurality of sets ofcontent information each composed of a content ID, a correspondingcontent, and a corresponding type of unique information.

The content ID is an identifier for identifying the content.

The content is a digital work such as a piece of music or a movie.

The type of unique information shows what unique information is to beused to encrypt the content upon being stored into the memory card 400k. A shown in the figure, the type of unique information in this exampleshows either “medium unique” type or “device unique” type.

(2) Memory Card 400 k

As shown in FIG. 34, the memory card 400 k includes the authenticationunit 490, a first external storage unit 412 k, and a second externalstorage unit 411 k.

The first external storage unit 412 k prestores medium uniqueinformation which is the information unique to the memory card 400 k.Further, the second external storage unit 411 k has storage areas forstoring the unique information type and the encrypted content inassociation with each other.

The authentication unit 490 performs challenge-response type mutualauthentication with the authentication unit 390 of the mobile phone 300k.

(3) Mobile Phone 300 k

As shown in FIG. 34, the mobile phone 300 k includes a firstencryption/decryption unit 382 and a third encryption/decryption unit383 instead of the encryption/decryption unit 380 included in the mobilephone 300. The mobile phone 300 k further includes the authenticationunit 390. With other respect, the mobile phone 300 k includes the samecomponents as those included in the mobile phone 300.

(Unique Information Storage Unit 310)

The unique information storage unit 310 prestores device uniqueinformation that is generated based on information unique to the mobilephone 300 k.

(Authentication Unit 390)

The authentication unit 390 performs challenge-response type mutualauthentication with the authentication unit 490 of the memory card 400k, and then outputs to the control unit 366 k information showingwhether the authentication has been performed successfully orunsuccessfully.

(Control Unit 366 k)

The control unit 366 k receives from the authentication unit 390 theinformation indicative of either successful authentication orunsuccessful authentication.

Upon receipt of information indicative of successful authentication, thecontrol unit 366 k selectively instructs either the firstencryption/decryption unit 382 or the third encryption/decryption unit383 to perform encryption/decryption processing. The selection of thetwo encryption/decryption units is made according to the uniqueinformation type.

(First Encryption/Decryption Unit 382)

The first encryption/decryption unit 382 has the construction similar tothat of the encryption/decryption unit 380.

That is, the first encryption/decryption unit 382 encrypts the contentusing the device unique information to generate an encrypted content.Further, the first encryption/decryption unit 382 decrypts the encryptedcontent that has been read from the memory card 400 k using the deviceunique information to generate the content.

(Third Encryption/Decryption Unit 383)

The third encryption/decryption unit 383 reads the medium uniqueinformation stored in the second external storage unit 411 k included inthe memory card 400 k.

Upon encryption, the third encryption/decryption unit 383 encrypts thecontent using the read medium unique information as a key to generate anencrypted content, and stores the encrypted content in association withthe unique information type showing “medium unique” type into the firstexternal storage unit 412 k of the memory card 400 k.

Upon decryption, the third encryption/decryption unit 383 uses the readmedium unique information as a key to decrypt the encrypted content thathas been read from the first external storage unit 412 k, thereby togenerate the content.

(4) Operations of Digital Work Distribution System 100 k

Now, description is given to the operations of the digital workdistribution system 100 k with reference to the flowcharts shown inFIGS. 35 and 36.

First, description is given to the operations performed when the mobilephone 300 k obtains a content and writes the content into the memorycard 400 k.

The mobile phone 300 k transmits to the content distribution serverdevice 200 k the content ID identifying the content to be obtained (stepS421). The content distribution server device 200 k extracts from thecontent information table 620 the content information having the samecontent ID as the received content ID (step 5422), and transmits thecontent and the type of unique information that are included in theextracted content information to the mobile phone 300 k (step S423).

The authentication unit 390 performs mutual authentication with thememory card 400 k (step S424). When the mutual authentication issuccessfully performed (step S425, YES), the control unit 366 k receivesthe content and the type of unique information. When judging that thetype of unique information that has been received shows “device unique”type (step S426), the control unit 366 k instructs the firstencryption/decryption unit 382 to perform encryption processing. Inresponse, the first encryption/decryption unit 382 reads the deviceunique information from the unique information storage unit 310 (stepS427), and reads the content from the internal storage unit 303. Thefirst encryption/decryption unit 382 then encrypts the read contentusing the device unique information as a key (step S428), and stores theencrypted content in association with the type of unique informationshowing the “device unique” type into the first external storage unit412 k of the memory card 400 k (step S429).

Alternatively, when judging that the type of unique information shows“medium unique” type (step S426), the control unit 366 k instructs thethird encryption/decryption unit 383 to perform encryption processing.In response, the third encryption/decryption unit 383 reads the mediumunique information from the second external storage unit 411 k includedin the memory card 400 k (step S430), and reads the content from theinternal storage unit 303. The third encryption/decryption unit 383 thenencrypts the read content using the read medium unique information as akey (step S431), and stores the encrypted content in association withthe type of unique information showing the “medium unique” type into thefirst external storage unit 412 k included in the memory card 400 k(step S432).

In the case where the mutual authentication between the memory card andthe authentication unit 390 has failed (step S425, NO), the processingis terminated at this stage.

Next, description is given to the processing performed when the mobilephone 300 k decrypts to play back the encrypted content stored in thememory card 400 k.

The authentication unit 390 of the mobile phone 300 k performs mutualauthentication with the memory card 400 k (step S441). When the mutualauthentication is successfully performed (step 5442, YES), the read unitreads the encrypted content together with the type of unique informationfrom the first external storage unit 412 k included in the memory card400 k, and outputs the type of unique information to the control unit366 k (steps 443). Upon receipt of the type of unique information, thecontrol unit 366 k judges whether the received type information showsthe “device unique” type or the “medium unique” type (step S444). Whenjudging the type of unique information is “device unique”, the controlunit 366 k instructs the first encryption/decryption unit 382 to performdecryption processing (step S445). In response, the firstencryption/decryption unit 382 reads the device unique information fromthe unique information storage unit 310 (step S445), and receives theencrypted content from the read unit 350. The firstencryption/decryption unit 382 then decrypts the encrypted content usingthe read device unique information as a key (step 5446), and writes thedecrypted content into the internal storage unit 303. Then, the playbackunit 304 plays back the content (step S447).

Alternatively, when judging in the step 5444 that the type of uniqueinformation is “medium unique”, the control unit 366 k instructs thethird encryption/decryption unit 383 to perform decryption processing.In response, the third encryption/decryption unit 383 reads via the readunit 350, the medium unique information from the second external storageunit 411 k included in the memory card 400 k (step 5448), and receivesthe encrypted content from the read unit 350. The thirdencryption/decryption unit 383 then decrypts the encrypted content usingthe read medium unique information (step S449), and writes the decryptedcontent into the internal storage unit 303. Then, the playback unit 304plays back the content (step S450).

8. Recapitulation

As described above, the present invention is directed to a digital workprotection system that is for recording and playing back contents, i.e.,digital works, and that is composed of a main device and a recordingmedium device attachable to and detachable from the main device. Themain device includes: an internal storage area for storing a content; aunique information storage area for storing unique information that isunique to the main device; an encryption unit that encrypts the contentstored in the internal storage area using the unique information storedin the internal storage area; a write unit that writes the contentencrypted by the encryption unit into the recording medium device; aread unit for reading the encrypted content from the recording mediumdevice; a decryption unit that decrypts the encrypted content havingread by the read unit; and a playback unit that plays back the content.The recording medium device has an external storage area for storing theencrypted content that is written by the write unit of the main deviceor read by the read unit of the main device.

Here, the encryption unit of the main device encrypts the title key thatis unique to the content using the unique information, and encrypts thecontent using the title key. The write unit writes the encrypted contentand the encrypted title key both encrypted by the encryption unit intothe recording medium device. The read unit reads the encrypted contentand the encrypted title key from the recording medium device. Thedecryption unit decrypts the encrypted title key using the uniqueinformation, and decrypts the encrypted content using the decryptedtitle key. The recording medium device stores the encrypted content andthe encrypted title key that are written by the write unit of the maindevice or read by the read unit of the main device.

Here, the main device further includes: a usage condition storage areaand a usage condition judgment unit. The usage condition storage areastores usage condition data for the content, and the usage conditionjudgment unit judges, according to the usage condition data, whether toplay back the content.

Here, the main device further includes an authentication unit. Therecording medium device includes an authentication unit. The externalstorage area includes a first external storage area and a secondexternal storage area. Prior to the main device writing the encryptedtitle key into the recording medium device or the main device readingthe encrypted title key from the recording medium device, theauthentication unit of the main device authenticates the recordingmedium device and the authentication unit of the recording medium deviceauthenticates the main device. When both the authentication operationsare performed successfully, the writing or the reading of the encryptedtitle key is performed. The recording medium device stores the encryptedcontent and the encrypted title key into the first external storage areaand the second external storage area, respectively.

Here, the main device further includes a usage condition judgment unit.Prior to the main device writing usage condition data for the contentinto the recording medium device or the main device reading the usagecondition data from the recording medium device, the authentication unitof the main device authenticates the recording medium device and theauthentication unit of the recording medium device authenticates themain device. When both the authentication operations are successful, thewriting or the reading of the usage condition data is performed. Theusage condition judgment unit judges whether to play back the contentaccording to the usage condition data. The recording medium devicestores the usage condition data into the second external storage area.

Here, the usage condition data includes information for limiting thenumber of times permitted to play back the content, information forlimiting the time period permitted to play back the content, orinformation for limiting the total time permitted to play back thecontent.

Here, the main device further includes a content purchasing unit and acontent receiving unit. The content purchasing unit purchases a contentfrom an external source. The content receiving unit receives the contentthat has been purchased to store the received content into the internalstorage area.

Here, the main device further includes a content judgment unit. Thecontent judgment unit judges whether the content stored in the internalstorage unit is permitted to be encrypted by the encryption unit usingthe unique information and to be written by the write unit into therecording medium device.

Here, the main device further includes a recording mediumdevice-judgment unit. The recording medium device-judgment unit judgeswhether a recording medium device attached to the main device is therecording medium device that is permitted to encrypt the content storedin the internal storage area with the encryption unit using the uniqueinformation and to write the encrypted content with the write unit intothe recording medium device.

Here, the unique information storage area and the usage conditionstorage area are write-protected and read-protected against any externaldevices other than a model change device that is specifically permittedto read or write the unique information and the usage condition data.

In another aspect, the present invention is directed to a main devicewhich a recording medium device is attachable to or detachable from. Themain device includes: an internal storage area that stores a content; aunique information storage area that stores unique information beingunique to the main device; an encryption unit that encrypts a title keybeing unique to the content using the unique information and encryptsthe content using the title key; a write unit that writes the encryptedcontent and the encrypted title key both encrypted by the encryptionunit; a read unit that reads the encrypted content and the encryptedtitle key from the recording medium device; a decryption unit thatdecrypts the encrypted title key using the unique information anddecrypts the encrypted content using the decrypted title key; and aplayback unit that plays back the content.

Here, the main device further includes an authentication unit. Prior tothe main device writing the encrypted title key into the recordingmedium device or reading the encrypted title key from the recordingmedium device, the authentication unit of the main device performsmutual authentication with the recording medium device. The writing orthe reading of the encrypted title key is performed only when the mutualauthentication is successful.

In another aspect, the present invention is directed to a recordingmedium device that is attachable to or detachable from a main device.The recording medium device has an external storage area for storing anencrypted content and an encrypted title key that are written or read bya write unit of the main device or a read unit of the main device.

Here, the recording medium device further includes an authenticationunit. Prior to the main device writing the encrypted title key into therecording medium device or reading the encrypted title key from therecording medium device, the authentication unit of recording mediumdevice performs mutual authentication with the main device. Theencrypted title key is written into the second external storage areaonly when the mutual authentication is successful.

In another aspect, the present invention includes a unique informationread/write unit that is specifically permitted to read uniqueinformation from the unique information storage area of a first maindevice, and write the read unique information into the uniqueinformation storage unit of a second main device.

Here, the model change device further includes a usage conditionread/write unit that is specifically permitted to read usage conditiondata from the usage condition storage area of the first main device towrite the read usage condition data into the usage condition storagearea of the second main device provided that each of the first maindevice and the second main device separately has the usage conditionstorage area.

Here, the model change device is connected to the main device via anetwork on a regular basis or when necessary. The main device furtherincludes a model change information-judgment unit that judges theauthenticity of the model change information. The model change devicetransmits the model change information to the main device according tocontract condition data of the main device. The model changeinformation-judgment unit of the main device judges the authenticity ofthe received model change information. The model change device furtherincludes a unique information read/write unit. When the authenticity ofthe received model change information is established by the model changeinformation-judgment unit, the unique information read/write unit writesthe unique information that is included in the model change informationand that is unique to the main device into the unique informationstorage unit of the main device, or deletes the unique information.

Here, a second recording medium device is attached to the main device.The second recording medium device includes: a unique informationstorage area for storing the unique information of the main device; anda unit used to attach the second recording medium device having beenattached to the first main device to the second main device.

In a digital work protection system, a main device, a recording mediumdevice, and a model change device that are consistent with the presentinvention, the internal storage area of the main device inmost cases islimited in its memory capacity. Thus, this limitation conventionallyresults in the following problem. That is, when the internal storagearea is full of digital works, the user is required to delete some ofthe digital works stored in the internal storage area to secure a freememory space before purchasing another digital work, or the user isrequired to simply give up purchasing another digital work. According tothe present invention, however, the user is allowed to store some of thedigital works stored in the internal storage unit into a recordingmedium device attached to the main device when he decides not to use thedigital works anytime soon. In this way, a free memory space is securedin the internal storage area of the main device without losing therights to play back the purchased digital works. Consequently, anotherdigital work may be purchased.

Further, with the above construction, when an encrypted content isstored into a recording medium device by a certain main device, theencrypted content is not possibly decrypted or played back by any othermain device although the recording medium device is attached thereto.That is, the present invention achieves an effect of meetingcopyholders' demand that a content stored into a recording medium deviceusing a main device be prohibited from being decrypted or played backusing any other main device although the recording medium device isattached thereto.

Still further, the present invention achieves an effect that a contentprovided with a certain usage condition is permitted to be played backonly when the usage condition is met.

Still further, the present invention achieves the following effect uponmodel change from a certain main device to another main device. That is,a new main device that replaces a current main device is permitted toread and play back the contents that have been purchased and stored in arecording medium device by the current main device without applyingprocessing to the contents.

Up to this point, description has been given to the digital workdistribution systems consistent with the present invention. Yet, it goeswithout saying that the present invention is in no way limited to thosespecific embodiments described above. For example, the followingconstructions may be applicable.

(1) In the embodiments above, description is given to the digital workdistribution system employing a mobile phone, yet the present inventionis not limited thereto. For example, what is applicable instead of amobile phone includes an L-mode-ready tabletop type telephone, aportable information terminal, a personal computer, or a householdappliance, such a television set, that is capable of Internetconnection.

Further, it is described that the content distribution server device 200and the mobile phone 300 are connected via the Internet 10, the mobilephone network 20, and the radio base station 30. Yet, the connection maybe made in another manner. For example, the content distribution serverand the portable information terminal may be connected via the Internet.Alternatively, the content distribution server device may be connectedto a broadcasting device, so that various types of information includingcontents are broadcasted in form of broadcast waves. Here, a householdappliance, such as a television set, receives the broadcast waves, andextracts various types of information from the received broadcast waves.

(2) Although DES encryption algorithm is employed in the embodimentsdescribed above, the applicable encryption algorithm is not limitedthereto. Further, although the unique information used in theembodiments described above is a 56-bit unique key, the bit length isnot limited thereto.(3) Although the content is stored into the memory card in the aboveembodiments, the present invention is not limited thereto. For example,the content may be stored into a recording medium such as an opticaldisk.(4) Although the entire content is encrypted in the above embodiments,it is applicable to encrypt a part of the content.(5) In the above embodiments, the encrypted content stored in the memorycard is decrypted by the main device (i.e., the mobile phone in theabove embodiments), and stored into the internal storage area of themain device. Yet, it is applicable to decrypt the encrypted contentstored in the memory card by the main device and to play back thedecrypted content in real time. Similarly, the content stored in thememory card and provided with the usage condition may be decrypted bythe main device. When the usage condition judgment unit permits thecontent to be used, the decrypted content may be played back by theplayback unit in real time.(6) In the above embodiments, the telephone number is used as theinformation stored in the unique information storage area.

Yet, the present invention is not limited thereto. For example, a serialnumber of a mobile phone may be used as long as the information isunique to the mobile phone.

(7) In the above embodiments, the usage condition is provided on acontent by content basis. Yet, the present invention is not limitedthereto. For example, it is applicable that usage condition permits topurchase up to 100 pieces of karaoke data per month. In this case, whenthe month-by-month basis contract is cancelled, for example, the usagecondition unit prohibits reproduction of the contents stored in thememory card or the internal storage area of the main device startingfrom the next month.(8) In the above embodiments, the content or the title key is alwaysencrypted using the unique information and stored in the memory card.Yet, the present invention is not limited thereto. It is also applicableto provide the mobile phone with a content judgment unit, so that it isselectable depending on the content whether to encrypt the contentitself or the title key using the unique information.(9) In the above embodiments, the model change device moves the uniqueinformation stored in the unique information storage area of the mobilephone A to that of the mobile phone B. Yet, the present invention is notlimited thereto. For example, the model change device may be constructedso as to move the purchased content stored in the internal storage areaof the main device.(10) The mobile phone may obtain, in addition to the content, thecontent judgment information from the content distribution server deviceto store into the internal storage area. Here, the content judgmentinformation shows whether the content is permitted in advance to beencrypted using the unique information and written into the memory card.

The mobile phone may further include the content judgment unit. Thecontent judgment unit judges whether the content internally stored ispermitted in advance to be encrypted by the encryption unit using theunique information and written by the write unit into the memory card.When the content is judged by the content judgment unit to be permitted,the encryption unit performs the encryption. When the content is judgedby the content judgment unit to be permitted, the write unit performsthe writing.

(11) The memory card may further prestore type information showing thetype of the memory card. To be more specific, the type of memory cardused herein shows a type according to the outer shape of the memorycard, a type according to the topology employed for connection with themobile phone, a type according to the manufacturer, a type according tothe memory capacity, a type according to the storage method ofinformation, or a type according to the access method. Further, the typeinformation shows whether the memory card is permitted to encrypt thecontent stored in the mobile phone using the unique information with theencryption unit and to write the encrypted content with the write unitinto the memory card.

The mobile phone further includes the recording medium device-judgmentunit. The recording medium device-judgment unit judges, according to thetype information stored in the memory card, whether a memory cardattached to the mobile phone is the memory card that is permitted inadvance to encrypt the content stored in the mobile phone using theunique information with the encryption unit and to write the encryptedcontent with the write unit into the memory card.

When judging that the content is permitted by the recording mediumdevice-judgment unit, the encryption unit encrypts the content. Whenjudging that the content is permitted by the recording mediumdevice-judgment unit, the write unit writs the content into the memorycard.

(12) The present invention may be embodied as a method described above,or a computer program implementing the above method by a computer, oreven as digital signals representing the above computer program.

Further, the present invention may be embodied as a computer-readablemedium storing the computer program or the digital signals. Here, thecomputer readable medium is, for example, a floppy disc, a hard disc,CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD (Blu-ray Disc), or semiconductormemory. Alternatively, the present invention may be the computer programor the digital signals that are stored on such recording medium asabove.

Further, the present invention may be embodied as the computer programor the digital signals transmitted via a telecommunications network, awired or wireless communications line, a network exemplified by theInternet, or the like.

Still further, the present invention may be embodied as a computersystem provided with a microprocessor and memory that stores the abovecomputer program, so that the microprocessor operates in accordance withthe program.

Still further, the computer program or the digital signals may berecorded on any of the above recording medium and transported to anotherlocation. Alternatively, the computer program or the digital signals maybe transmitted via any of the above networks. Thereafter, the computerprogram or the digital signals may be executed by another, independentcomputer system.

(13) Further, the present invention may be embodied as combinations ofthe above modifications.

Although the present invention has been fully described by way ofexamples with reference to the accompanying drawings, it is to be notedthat various changes and modifications will be apparent to those skilledin the art. Therefore, unless such changes and modifications depart fromthe scope of the present invention, they should be construed as beingincluded therein.

1. A digital work protection system for recording and playing backdigital works, comprising: a portable recording medium device includinga storage area; and a record/playback device being usable under acontract between a user and a service provider, the record/playbackdevice including: an internal storage unit that stores a content that isa digital work; a unique information storage unit that prestores deviceunique information to generate encrypted information, the device uniqueinformation indicating the record/playback device and being protectedfrom being written over with an external device of the record/playbackdevice; an encryption unit that, when the stored content is written fromthe internal storage unit to the portable recording medium device,encrypts the stored content based on the prestored device uniqueinformation to generate encrypted information; a write unit that writesthe generated encrypted information into the storage area of theportable recording medium device; a read unit operable to read theencrypted information from the storage area of the portable recordingmedium device; a decryption unit that decrypts the read encryptedinformation based on the prestored device unique information stored inthe unique information storage unit to generate a decrypted content; aplayback unit that plays back the generated decrypted content; whereinthe encrypted information is neither decrypted nor played back by anydevice other than the record/playback device generating the encryptedinformation, wherein a model change device replaces the record/playbackdevice with another record/playback device due to a change in thecontract between the user and the service provider, the device uniqueinformation stored in the unique information storage unit is read, thedevice unique information is deleted from the unique information storageunit and the read device unique information is written into the otherrecord/playback device.
 2. The digital work protection system of claim1, wherein the encryption unit encrypts the stored content using theprestored device unique information as a key to generate the encryptedinformation, and the decryption unit decrypts the read encryptedinformation using the prestored device unique information as a key. 3.The digital work protection system of claim 2, wherein therecord/playback device further includes: a condition storage unit thatstores usage condition information showing a permissive condition foruse of the content; and a condition judgment unit that judges whetheruse of the content is permitted according to the usage conditioninformation.
 4. The digital work protection system of claim 3, whereinthe unique information storage unit and the condition storage unit areread-protected and write-protected against any external device unless adevice is specifically permitted to read or write at least one of theprestored device unique information and the usage condition information,respectively.
 5. The digital work protection system of claim 1, whereinthe encryption unit generates a title key that is unique to the content,encrypts the generated title key using the prestored device uniqueinformation as a key to generate an encrypted title key, encrypts thestored content using the generated title key as a key to generate anencrypted content, and generates the encrypted information that includesthe encrypted title key and the encrypted content, the write unit writesthe generated encrypted information that includes the encrypted titlekey and the encrypted content, the read unit reads the encryptedinformation that includes the encrypted title key and the encryptedcontent, the decryption unit decrypts the encrypted title key includedin the read encrypted information using the prestored device uniqueinformation as a key to generate a decrypted title key, and decrypts theencrypted content included in the read encrypted information using thedecrypted title key as a key to generate the decrypted content, and theportable recording medium device includes the storage area for storingthe encrypted information that includes the encrypted title key and theencrypted content.
 6. The digital work protection system of claim 5,wherein the record/playback device further includes a firstauthentication unit, the portable recording medium device furtherincludes a second authentication unit, the first authentication unitperforms mutual authentication with the second authentication unitincluded in the portable recording medium device before the write unitwrites the generated encrypted information into the storage area orbefore the read unit reads the encrypted information from the storagearea, the second authentication unit performs mutual authentication withthe first authentication unit included in the record/playback device,the storage area includes a first storage area and a second storagearea, the second storage area being writable and readable only when themutual authentication is established by the first authentication unit,the write unit writes the encrypted content into the first storage area,and only when the mutual authentication is established by the firstauthentication unit, write the encrypted title key into the secondstorage area, and the read unit reads the encrypted content from thefirst storage area, and only when the mutual authentication isestablished by the first authentication unit, read the encrypted titlekey from the second storage area.
 7. The digital work protection systemof claim 6, wherein the record/playback device further includes: acondition storage unit that stores usage condition information showing apermissive condition for use of the content; and a condition judgmentunit that judges whether use of the content is permitted according tothe usage condition information.
 8. The digital work protection systemof claim 7, wherein the write unit, only when the mutual authenticationis established by the first authentication unit, reads the usagecondition information from the condition storage unit and write the readusage condition information into the second storage area, the read unit,only when the mutual authentication is established by the firstauthentication unit, reads the usage condition information from thesecond storage area and write the read usage condition information intothe condition storage unit, and the condition judgment unit judgeswhether use of the content is permitted according to the usage conditioninformation stored in the condition storage unit.
 9. The digital workprotection system of claim 8, wherein the usage condition informationstored in the condition storage unit shows at least one of a permittednumber of playback times, a permitted playback period, a permitted totalplayback time, a permitted number of times for copying the content, anda permitted number of times for moving the content, and the conditionjudgment unit (i) judges to play back the content only when at least oneof a number of times of actual playback of the content by the playbackunit is equal to or less than the permitted number of playback times, adate and a time at which the content is to be played back by theplayback unit is within the permitted playback period, and a total timeof actual playback is equal to or less than the permitted total playbacktime, (ii) judges to copy the content to the portable recording mediumdevice only when the permitted number of times for copying the contentis equal to or greater than 1, and (iii) judges to move the content tothe portable recording medium device only when the permitted number oftimes for moving the content is equal to or greater than
 1. 10. Thedigital work protection system of claim 7, wherein the uniqueinformation storage unit and the condition storage unit areread-protected and write-protected against any external device unless adevice is specifically permitted to read or write at least one of theprestored device unique information and the usage condition information,respectively.
 11. A digital work protection system for recording andplaying back digital works, the digital work protection systemcomprising: a portable recording medium device being usable under acontract between a user and a service provider, the record/playbackdevice including: an internal storage unit that stores a content that isa digital work; a unique information storage unit that prestores deviceunique information to generate encrypted information, the device uniqueinformation indicating the record/playback device and being protectedfrom being written over with an external device of the record/playbackdevice; an authentication judgment unit operable to judge whether theportable recording medium device includes a second authentication unit;a first authentication unit that performs mutual authentication with thesecond authentication unit in the portable recording medium, if theportable recording medium includes the second authentication unit; anencryption unit that (i) generates a title key that is unique to thecontent, encrypts the generated title key using the prestored deviceunique information as a key to generate an encrypted title key, encryptsthe stored content using the generated title key as a key to generate anencrypted content, and generates encrypted information that includes theencrypted title key and the encrypted content, if the portable recordingmedium is judged to include the second authentication unit and (ii)encrypts the stored content using the prestored device uniqueinformation as a key to generate the encrypted information, if theportable recording medium device is judged not to include the secondauthentication unit; a write unit that writes the generated encryptedinformation into the storage area of the portable recording mediumdevice; a read unit that reads the encrypted information from thestorage area of the portable recording medium device; a decryption unitthat (i) decrypts the encrypted title key included in the read encryptedinformation using the prestored device unique information as a key togenerate a decrypted title key, and decrypts the encrypted contentincluded in the read encrypted information using the decrypted title keyas a key to generate the decrypted content, if the portable recordingmedium device is judged to include the second authentication unit, and(ii) decrypt the read encrypted information using the prestored deviceunique information as a key, if the portable recording medium device isjudged not to include the second authentication unit, wherein theencrypted information is neither decrypted nor played back by any deviceother than the record/playback device generating the encryptedinformation, wherein a model change device replaces the record/playbackdevice with another record/playback device due to a change in thecontract between the user and the service provider, the device uniqueinformation stored in the unique information storage unit is read, thedevice unique information is deleted from the unique information storageunit and the read device unique information is written into the otherrecord/playback device.
 12. The digital work protection system of claim1, wherein the record/playback device further includes: a contentpurchasing unit that purchases the content by transmitting paymentinformation to an external source for paying a fee for the content; anda content receiving unit that receives the content that has beenpurchased, and writes the received content into the internal storageunit.
 13. The digital work protection system of claim 1, wherein therecord/playback device further includes a content judgment unit thatjudges whether a content stored in the internal storage unit is acontent that has received permission in advance for the encryption unitto encrypt the content based on the prestored device unique information,and for the write unit to write the encrypted information into theportable recording medium device, the encryption unit performs theencryption when the content judgment unit judges the content to have thepermission, and the write unit performs the writing when the contentjudgment unit judges the content to have the permission.
 14. The digitalwork protection system of claim 1, wherein the record/playback devicefurther includes a recording medium device judgment unit that judgeswhether a portable recording medium device attached to therecord/playback device is a portable recording medium device that hasreceived permission in advance for the encryption unit to encrypt thecontent stored in the internal storage unit based on the prestoreddevice unique information, and for the write unit to write the encryptedinformation into the portable recording medium device, and theencryption unit performs the encryption when the recording medium devicejudgment unit judges the portable recording medium device to have thepermission, and the write unit performs the writing when the recordingmedium device judgment unit judges the portable recording medium deviceto have the permission.
 15. The digital work protection system of claim1, wherein the portable recording medium device prestores medium uniqueinformation that is unique to the portable recording medium device, theinternal storage unit stores a unique information type in associationwith the content, the unique information type showing whether thecontent is to be encrypted based on the device unique information or themedium unique information, the record/playback device further includes aunique information judgment unit that judges, according to the uniqueinformation type stored in the internal storage unit, whether thecontent is to be encrypted based on the prestored device uniqueinformation or the prestored medium unique information, the encryptionunit (i) encrypts the stored content based on the prestored deviceunique information to generate the encrypted information when the uniqueinformation judgment unit judges that the content is to be encryptedbased on the prestored device unique information, and (ii) reads theprestored medium unique information from the portable recording mediumdevice to encrypt the stored content based on the read medium uniqueinformation to generate the encrypted information when the uniqueinformation judgment unit judges that the content is to be encryptedbased on the medium unique information, and the decryption unit (i)decrypts the read encrypted information based on the prestored deviceunique information to generate the decrypted content when the uniqueinformation judgment unit judges that the content is to be encryptedbased on the prestored device unique information, and (ii) reads theprestored medium unique information from the portable recording mediumdevice to decrypt the read encrypted information based on the readmedium unique information to generate the decrypted content when theunique information judgment unit judges that the content is to beencrypted based on the prestored medium unique information.
 16. Arecord/playback device for recording content that is a digital work intoa portable recording medium device and for playing back the content, therecord/playback device being usable under a contract between a user anda service provider, the record/playback device comprising: an internalstorage unit that stores a content that is a digital work; a uniqueinformation storage unit that prestores device unique information togenerate encrypted information, the device unique information indicatingthe record/playback device and being protected from being written overwith an external device of the record/playback device; an encryptionunit that, when the stored content is written from the internal storageunit to the portable recording medium device, encrypts the storedcontent based on the prestored device unique information to generateencrypted information; a write unit that writes the generated encryptedinformation into the storage area of the portable recording mediumdevice; a read unit operable to read the encrypted information from thestorage area of the portable recording medium device; a decryption unitthat decrypts the read encrypted information based on the prestoreddevice unique information stored in the unique information storage unitto generate a decrypted content; a playback unit that plays back thegenerated decrypted content; wherein the encrypted information isneither decrypted nor played back by any device other than therecord/playback device generating the encrypted information, wherein amodel change device replaces the record/playback device with anotherrecord/playback device due to a change in the contract between the userand the service provider, the device unique information stored in theunique information storage unit is read, the device unique informationis deleted from the unique information storage unit and the read deviceunique information is written into the other record/playback device. 17.The record/playback device of claim 16, wherein the encryption unitencrypts the stored content using the prestored device uniqueinformation as a key to generate the encrypted information, and thedecryption unit decrypts the read encrypted information using theprestored device unique information as a key.
 18. The record/playbackdevice of claim 16, wherein the encryption unit generates a title keythat is unique to the content, encrypts the generated title key usingthe prestored device unique information as a key to generate anencrypted title key, encrypts the stored content using the generatedtitle key as a key to generate an encrypted content, and generates theencrypted information that includes the encrypted title key and theencrypted content, the write unit writes the generated encryptedinformation that includes the encrypted title key and the encryptedcontent, the read unit reads the encrypted information that includes theencrypted title key and the encrypted content, and the decryption unitdecrypts the encrypted title key included in the read encryptedinformation using the prestored device unique information as a key togenerate a decrypted title key, and decrypts the encrypted contentincluded in the read encrypted information using the decrypted title keyas a key to generate the decrypted content.
 19. The record/playbackdevice of claim 18, further comprising a first authentication unit thatperforms mutual authentication with a second authentication unitincluded in the portable recording medium device before the write unitwrites the generated encrypted information into the storage area orbefore the read unit reads the encrypted information from the storagearea, and wherein the portable recording medium device further includesthe second authentication unit that performs mutual authentication withthe first authentication unit included in the record/playback device,the storage area includes a first storage area and a second storagearea, the second storage area being writable and readable only when themutual authentication is established by the first authentication unit,the write unit writes the encrypted content into the first storage area,and only when the mutual authentication is established by the firstauthentication unit, writes the encrypted title key into the secondstorage area, and the read unit reads the encrypted content from thefirst storage area, and only when the mutual authentication isestablished by the first authentication unit, reads the encrypted titlekey from the second storage area.
 20. A model change device forreplacing a first record/playback device with a second record/playbackdevice due to change in a contract between a user and a serviceprovider, the first record/playback device being usable under thecontract, wherein the first record/playback device includes: a firstinternal storage unit that stores a content that is a digital work; afirst unique information storage unit that prestores first device uniqueinformation to generate first encrypted information, the first deviceunique information indicating the first record/playback and beingprotected from being written over with an external device of the firstrecord/playback device other than the model change device; a firstencryption unit that, when the stored content is written from the firstinternal storage unit to a recording medium device, encrypts the contentstored in the first internal storage unit based on the first deviceunique information stored in the first unique information storage unitto generate the first encrypted information; a first write unit thatwrites the generated first encrypted information into a storage area ofthe recording medium device; a first read unit that reads the firstencrypted information from the storage area of the recording mediumdevice to the first record/playback device; a first decryption unit thatdecrypts the read first encrypted information based on the first deviceunique information stored in the first unique information storage unitto generate a decrypted content; and a first playback unit that playsback the generated decrypted content, wherein the first encryptedinformation is neither decrypted nor played back by any device otherthan the first record/playback device generating the first encryptedinformation, and the second record/playback device includes: a secondinternal storage unit that stores a content that is a digital work; asecond unique information storage unit that prestores second deviceunique information to generate second encrypted information, the seconddevice information indicating the second record/playback device andbeing protected from being written over with an external device of thesecond record/playback device; a second encryption unit that, when thestored content is written from the second internal storage unit to therecording medium device, encrypts the content stored in the secondinternal storage unit based on the second device unique informationstored in the second unique information storage unit to generate thesecond encrypted information; a second write unit that writes thegenerated second encrypted information into the storage area of therecording medium device; a second read unit that reads the secondencrypted information from the storage area of the recording mediumdevice to the second record/playback device; a second decryption unitthat decrypts the read second encrypted information based on the seconddevice unique information stored in the second unique informationstorage unit to generate a decrypted content; and a second playback unitthat plays back the generated decrypted content, wherein the secondencrypted information is neither decrypted nor played back by any deviceother than the second record/playback device generating the secondencrypted information, the model change device comprising: a third readunit that reads the first device unique information stored in the firstunique information storage unit, and deletes the first device uniqueinformation from the first unique information storage unit; and a thirdwrite unit that writes the read first device unique information into thesecond unique information storage unit upon the deletion of the firstdevice unique information from the first unique information storageunit.
 21. The model change device of claim 20, wherein the firstrecord/playback device further includes: a first condition storage unitthat stores first usage condition information showing a first permissivecondition for use of the content; and a first condition judgment unitthat judges whether use of the content is permitted according to thefirst usage condition information stored in the first condition storageunit, and the second record/playback device further includes: a secondcondition storage unit that stores second usage condition informationshowing a second permissive condition for use of the content; and asecond condition judgment unit that judges whether use of the content ispermitted according to the second usage condition information stored inthe second condition storage unit, the third read unit further reads thefirst usage condition information stored in the first condition storageunit, and deletes the first usage condition information from the firstcondition storage unit, and the third write unit further writes the readusage condition information to the second condition storage unit. 22.The model change device of claim 20, wherein the first record/playbackdevice and the second record/playback device are separately connected tothe model change device via a network, the third read unit performs thereading and the deletion of the first device unique information storedin the first unique information storage unit via the network, and thethird write unit performs the writing of the read first device uniqueinformation into the second unique information storage unit via thenetwork.
 23. A model change device for canceling a record/playbackdevice that has been usable under a contract between a user and aservice provider, wherein the record/playback device includes: aninternal storage unit that stores a content that is a digital work; aunique information storage unit that prestores (i) device uniqueinformation to generate encrypted information, the device uniqueinformation indicating the record/playback device and (ii) contractinformation regarding the contract, the device unique information beingindependent of the contract information, the device unique informationbeing protected from being written over with an external device of therecord/playback device; an encryption unit that, when the stored contentis written from the internal storage unit to a recording medium device,encrypts the content stored in the internal storage unit based on thedevice unique information stored in the unique information storage unitto generate the encrypted information; a write unit that writes thegenerated encrypted information into a storage area of the recordingmedium device; a read unit that reads the encrypted information from thestorage area of the recording medium device to the record/playbackdevice; a decryption unit that decrypts the read encrypted informationbased on the device unique information stored in the unique informationstorage unit to generate a decrypted content; and a playback unit thatplays back the generated decrypted content, wherein the encryptedinformation is neither decrypted nor played back by any device otherthan the record/playback device generating the encrypted information,the model change device comprising: a read unit that reads the contractinformation from the unique information storage unit; and a cancellationunit that performs processing to cancel the contract with reference tothe read contract information.
 24. A model change device for changing afirst contract under which a record/playback device is usable to asecond contract, the first contract being between a user and a firstservice provider and the second contract being between the user and asecond service provider, wherein the record/playback device includes: aninternal storage unit that stores a content, the content being a digitalwork; a unique information storage unit that stores (i) device uniqueinformation to generate encrypted information, the device uniqueinformation indicating the record/playback device and (ii) firstcontract information regarding the first contract, the device uniqueinformation being independent of the first contract information, thedevice unique information being protected from being written over withan external device of the record/playback device; an encryption unitthat, when the stored content is written from the internal storage unitto a recording medium device, encrypts the content stored in theinternal storage unit based on the device unique information stored inthe unique information storage unit to generate the encryptedinformation; a write unit that writes the generated encryptedinformation into a storage area of the recording medium device; a readunit that reads the encrypted information from the storage area of therecording medium device to the record/playback device; a decryption unitthat decrypts the read encrypted information based on the device uniqueinformation stored in the unique information storage unit to generate adecrypted content; and a playback unit that plays back the generateddecrypted content, wherein the encrypted information is neitherdecrypted nor played back by any device other than the record/playbackdevice generating the encrypted information, the model change devicecomprising: a read unit that reads the first contract information fromthe unique information storage unit; a contract cancellation and changeunit that performs processing to cancel the first contract withreference to the read first contract information, and performsprocessing to make the second contract and to generate second contractinformation regarding the second contract; and a write unit that writesthe generated second contract information into the unique informationstorage unit, and deletes the first contract information from the uniqueinformation storage unit.
 25. A record and playback method for arecord/playback device that stores a content into a portable recordingmedium device, the content being a digital work, and plays back thecontent from the portable recording medium device, the recording mediumdevice including a storage area and being attached to therecord/playback device, the record/playback device being usable under acontract between a user and a service provider, the record and playbackmethod comprising: storing the content in an internal storage unit;prestoring device unique information to generate encrypted informationin a unique information storage unit, the device unique informationindicating the record/playback device and being protected from beingwritten over with an external device of the record/playback device; therecord and playback method comprising: encrypting the stored contentbased on the prestored device unique information to generate theencrypted information when the stored content is written from theinternal storage unit to the portable recording medium device; writingthe generated encrypted information into the storage area of therecording medium device; reading the encrypted information from thestorage area of the recording medium device to the record/playbackdevice; decrypting the read encrypted information based on the prestoreddevice unique information stored in the unique information storage unitto generate a decrypted content; and playing back the generateddecrypted content, wherein the encrypted information is neitherdecrypted nor played back by any device other than the record/playbackdevice generating the encrypted information, wherein a model changedevice replaces the record/playback device with another record/playbackdevice due to a change in the contract between the user and the serviceprovider, the device unique information stored in the unique informationstorage unit is read, the device unique information is deleted from theunique information storage unit and the read device unique informationis written into the other record/playback device.
 26. A computerreadable recording medium storing a record and playback program for arecord/playback device, the record/playback device storing a contentinto a portable recording medium device, the content being a digitalwork, and the record/playback device playing back the content, therecord/playback device being usable under a contract between a user anda service provider, the record and playback program comprising: anencryption operation of encrypting the content stored in an internalstorage unit of the record/playback device based on prestored deviceunique information to generate encrypted information, the device uniqueinformation indicating the record/playback device and stored in a uniqueinformation storage unit of the record/playback device, to generateencrypted information, the device unique information being protectedfrom being written over with an external device of the record/playbackdevice; a write operation of writing the generated encrypted informationinto a storage area of the recording medium device; a read operation ofreading the encrypted information from the storage area of the recordingmedium device to the record/playback device; a decryption operation ofdecrypting the read encrypted information based on the prestored deviceunique information stored in the unique information storage unit togenerate a decrypted content; and a playback operation of playing backthe generated decrypted content, wherein the encrypted information isneither decrypted nor played back by any device other than therecord/playback device generating the encrypted information, wherein amodel change device replaces the record/playback device with anotherrecord/playback device due to a change in the contract between the userand the service provider, the device unique information stored in theunique information storage unit is read, the device unique informationis deleted from the unique information storage unit and the read deviceunique information is written into the other record/playback device.